{"affected":[{"ecosystem_specific":{"binaries":[{"saltbundlepy":"3.11.11-1.32.1","saltbundlepy-base":"3.11.11-1.32.1","saltbundlepy-curses":"3.11.11-1.32.1","saltbundlepy-cython":"0.29.37-1.12.2","saltbundlepy-dbm":"3.11.11-1.32.1","saltbundlepy-devel":"3.11.11-1.32.1","saltbundlepy-jinja2":"3.1.2-1.12.2","saltbundlepy-libs":"3.11.11-1.32.1","saltbundlepy-lxml":"4.9.4-1.21.1","saltbundlepy-lxml-devel":"4.9.4-1.21.1","saltbundlepy-lxml-doc":"4.9.4-1.21.1","saltbundlepy-m2crypto":"0.45.1-1.12.1","saltbundlepy-m2crypto-doc":"0.45.1-1.12.1","saltbundlepy-msgpack":"1.0.7-1.14.1","saltbundlepy-ply":"3.11-1.8.1","saltbundlepy-ply-doc":"3.11-1.8.1","saltbundlepy-testsuite":"3.11.11-1.32.1","saltbundlepy-tools":"3.11.11-1.32.1","saltbundlepy-tornado":"6.3.2-1.12.2","saltbundlepy-zypp-plugin":"0.6.5-1.11.1","venv-salt-minion":"3006.0-1.59.1"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:SaltBundle:Update","name":"saltbundlepy","purl":"pkg:rpm/suse/saltbundlepy&distro=SUSE:EL-9:Update:Products:SaltBundle:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.11.11-1.32.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"saltbundlepy":"3.11.11-1.32.1","saltbundlepy-base":"3.11.11-1.32.1","saltbundlepy-curses":"3.11.11-1.32.1","saltbundlepy-cython":"0.29.37-1.12.2","saltbundlepy-dbm":"3.11.11-1.32.1","saltbundlepy-devel":"3.11.11-1.32.1","saltbundlepy-jinja2":"3.1.2-1.12.2","saltbundlepy-libs":"3.11.11-1.32.1","saltbundlepy-lxml":"4.9.4-1.21.1","saltbundlepy-lxml-devel":"4.9.4-1.21.1","saltbundlepy-lxml-doc":"4.9.4-1.21.1","saltbundlepy-m2crypto":"0.45.1-1.12.1","saltbundlepy-m2crypto-doc":"0.45.1-1.12.1","saltbundlepy-msgpack":"1.0.7-1.14.1","saltbundlepy-ply":"3.11-1.8.1","saltbundlepy-ply-doc":"3.11-1.8.1","saltbundlepy-testsuite":"3.11.11-1.32.1","saltbundlepy-tools":"3.11.11-1.32.1","saltbundlepy-tornado":"6.3.2-1.12.2","saltbundlepy-zypp-plugin":"0.6.5-1.11.1","venv-salt-minion":"3006.0-1.59.1"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:S
altBundle:Update","name":"saltbundlepy-core","purl":"pkg:rpm/suse/saltbundlepy-core&distro=SUSE:EL-9:Update:Products:SaltBundle:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.11.11-1.32.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"saltbundlepy":"3.11.11-1.32.1","saltbundlepy-base":"3.11.11-1.32.1","saltbundlepy-curses":"3.11.11-1.32.1","saltbundlepy-cython":"0.29.37-1.12.2","saltbundlepy-dbm":"3.11.11-1.32.1","saltbundlepy-devel":"3.11.11-1.32.1","saltbundlepy-jinja2":"3.1.2-1.12.2","saltbundlepy-libs":"3.11.11-1.32.1","saltbundlepy-lxml":"4.9.4-1.21.1","saltbundlepy-lxml-devel":"4.9.4-1.21.1","saltbundlepy-lxml-doc":"4.9.4-1.21.1","saltbundlepy-m2crypto":"0.45.1-1.12.1","saltbundlepy-m2crypto-doc":"0.45.1-1.12.1","saltbundlepy-msgpack":"1.0.7-1.14.1","saltbundlepy-ply":"3.11-1.8.1","saltbundlepy-ply-doc":"3.11-1.8.1","saltbundlepy-testsuite":"3.11.11-1.32.1","saltbundlepy-tools":"3.11.11-1.32.1","saltbundlepy-tornado":"6.3.2-1.12.2","saltbundlepy-zypp-plugin":"0.6.5-1.11.1","venv-salt-minion":"3006.0-1.59.1"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:SaltBundle:Update","name":"saltbundlepy-cython","purl":"pkg:rpm/suse/saltbundlepy-cython&distro=SUSE:EL-9:Update:Products:SaltBundle:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.29.37-1.12.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"saltbundlepy":"3.11.11-1.32.1","saltbundlepy-base":"3.11.11-1.32.1","saltbundlepy-curses":"3.11.11-1.32.1","saltbundlepy-cython":"0.29.37-1.12.2","saltbundlepy-dbm":"3.11.11-1.32.1","saltbundlepy-devel":"3.11.11-1.32.1","saltbundlepy-jinja2":"3.1.2-1.12.2","saltbundlepy-libs":"3.11.11-1.32.1","saltbundlepy-lxml":"4.9.4-1.21.1","saltbundlepy-lxml-devel":"4.9.4-1.21.1","saltbundlepy-lxml-doc":"4.9.4-1.21.1","saltbundlepy-m2crypto":"0.45.1-1.12.1","saltbundlepy-m2crypto-doc":"0.45.1-1.12.1","saltbundlepy-msgpack":"1.0.7-1.14.1","saltbundlepy-ply":"3.11-1.8.1","saltbundlepy-ply-doc":"3.11-1.8.1","saltbundlepy-testsui
te":"3.11.11-1.32.1","saltbundlepy-tools":"3.11.11-1.32.1","saltbundlepy-tornado":"6.3.2-1.12.2","saltbundlepy-zypp-plugin":"0.6.5-1.11.1","venv-salt-minion":"3006.0-1.59.1"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:SaltBundle:Update","name":"saltbundlepy-jinja2","purl":"pkg:rpm/suse/saltbundlepy-jinja2&distro=SUSE:EL-9:Update:Products:SaltBundle:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.2-1.12.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"saltbundlepy":"3.11.11-1.32.1","saltbundlepy-base":"3.11.11-1.32.1","saltbundlepy-curses":"3.11.11-1.32.1","saltbundlepy-cython":"0.29.37-1.12.2","saltbundlepy-dbm":"3.11.11-1.32.1","saltbundlepy-devel":"3.11.11-1.32.1","saltbundlepy-jinja2":"3.1.2-1.12.2","saltbundlepy-libs":"3.11.11-1.32.1","saltbundlepy-lxml":"4.9.4-1.21.1","saltbundlepy-lxml-devel":"4.9.4-1.21.1","saltbundlepy-lxml-doc":"4.9.4-1.21.1","saltbundlepy-m2crypto":"0.45.1-1.12.1","saltbundlepy-m2crypto-doc":"0.45.1-1.12.1","saltbundlepy-msgpack":"1.0.7-1.14.1","saltbundlepy-ply":"3.11-1.8.1","saltbundlepy-ply-doc":"3.11-1.8.1","saltbundlepy-testsuite":"3.11.11-1.32.1","saltbundlepy-tools":"3.11.11-1.32.1","saltbundlepy-tornado":"6.3.2-1.12.2","saltbundlepy-zypp-plugin":"0.6.5-1.11.1","venv-salt-minion":"3006.0-1.59.1"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:SaltBundle:Update","name":"saltbundlepy-lxml","purl":"pkg:rpm/suse/saltbundlepy-lxml&distro=SUSE:EL-9:Update:Products:SaltBundle:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.9.4-1.21.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"saltbundlepy":"3.11.11-1.32.1","saltbundlepy-base":"3.11.11-1.32.1","saltbundlepy-curses":"3.11.11-1.32.1","saltbundlepy-cython":"0.29.37-1.12.2","saltbundlepy-dbm":"3.11.11-1.32.1","saltbundlepy-devel":"3.11.11-1.32.1","saltbundlepy-jinja2":"3.1.2-1.12.2","saltbundlepy-libs":"3.11.11-1.32.1","saltbundlepy-lxml":"4.9.4-1.21.1","saltbundlepy-lxml-devel":"4.9.4-1.21.1","saltbundlepy-lxml-doc":"4
.9.4-1.21.1","saltbundlepy-m2crypto":"0.45.1-1.12.1","saltbundlepy-m2crypto-doc":"0.45.1-1.12.1","saltbundlepy-msgpack":"1.0.7-1.14.1","saltbundlepy-ply":"3.11-1.8.1","saltbundlepy-ply-doc":"3.11-1.8.1","saltbundlepy-testsuite":"3.11.11-1.32.1","saltbundlepy-tools":"3.11.11-1.32.1","saltbundlepy-tornado":"6.3.2-1.12.2","saltbundlepy-zypp-plugin":"0.6.5-1.11.1","venv-salt-minion":"3006.0-1.59.1"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:SaltBundle:Update","name":"saltbundlepy-m2crypto","purl":"pkg:rpm/suse/saltbundlepy-m2crypto&distro=SUSE:EL-9:Update:Products:SaltBundle:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.45.1-1.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"saltbundlepy":"3.11.11-1.32.1","saltbundlepy-base":"3.11.11-1.32.1","saltbundlepy-curses":"3.11.11-1.32.1","saltbundlepy-cython":"0.29.37-1.12.2","saltbundlepy-dbm":"3.11.11-1.32.1","saltbundlepy-devel":"3.11.11-1.32.1","saltbundlepy-jinja2":"3.1.2-1.12.2","saltbundlepy-libs":"3.11.11-1.32.1","saltbundlepy-lxml":"4.9.4-1.21.1","saltbundlepy-lxml-devel":"4.9.4-1.21.1","saltbundlepy-lxml-doc":"4.9.4-1.21.1","saltbundlepy-m2crypto":"0.45.1-1.12.1","saltbundlepy-m2crypto-doc":"0.45.1-1.12.1","saltbundlepy-msgpack":"1.0.7-1.14.1","saltbundlepy-ply":"3.11-1.8.1","saltbundlepy-ply-doc":"3.11-1.8.1","saltbundlepy-testsuite":"3.11.11-1.32.1","saltbundlepy-tools":"3.11.11-1.32.1","saltbundlepy-tornado":"6.3.2-1.12.2","saltbundlepy-zypp-plugin":"0.6.5-1.11.1","venv-salt-minion":"3006.0-1.59.1"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:SaltBundle:Update","name":"saltbundlepy-msgpack","purl":"pkg:rpm/suse/saltbundlepy-msgpack&distro=SUSE:EL-9:Update:Products:SaltBundle:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.7-1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"saltbundlepy":"3.11.11-1.32.1","saltbundlepy-base":"3.11.11-1.32.1","saltbundlepy-curses":"3.11.11-1.32.1","saltbundlepy-cython":"0.29.37-1.12.2","saltbundlepy-d
bm":"3.11.11-1.32.1","saltbundlepy-devel":"3.11.11-1.32.1","saltbundlepy-jinja2":"3.1.2-1.12.2","saltbundlepy-libs":"3.11.11-1.32.1","saltbundlepy-lxml":"4.9.4-1.21.1","saltbundlepy-lxml-devel":"4.9.4-1.21.1","saltbundlepy-lxml-doc":"4.9.4-1.21.1","saltbundlepy-m2crypto":"0.45.1-1.12.1","saltbundlepy-m2crypto-doc":"0.45.1-1.12.1","saltbundlepy-msgpack":"1.0.7-1.14.1","saltbundlepy-ply":"3.11-1.8.1","saltbundlepy-ply-doc":"3.11-1.8.1","saltbundlepy-testsuite":"3.11.11-1.32.1","saltbundlepy-tools":"3.11.11-1.32.1","saltbundlepy-tornado":"6.3.2-1.12.2","saltbundlepy-zypp-plugin":"0.6.5-1.11.1","venv-salt-minion":"3006.0-1.59.1"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:SaltBundle:Update","name":"saltbundlepy-ply","purl":"pkg:rpm/suse/saltbundlepy-ply&distro=SUSE:EL-9:Update:Products:SaltBundle:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.11-1.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"saltbundlepy":"3.11.11-1.32.1","saltbundlepy-base":"3.11.11-1.32.1","saltbundlepy-curses":"3.11.11-1.32.1","saltbundlepy-cython":"0.29.37-1.12.2","saltbundlepy-dbm":"3.11.11-1.32.1","saltbundlepy-devel":"3.11.11-1.32.1","saltbundlepy-jinja2":"3.1.2-1.12.2","saltbundlepy-libs":"3.11.11-1.32.1","saltbundlepy-lxml":"4.9.4-1.21.1","saltbundlepy-lxml-devel":"4.9.4-1.21.1","saltbundlepy-lxml-doc":"4.9.4-1.21.1","saltbundlepy-m2crypto":"0.45.1-1.12.1","saltbundlepy-m2crypto-doc":"0.45.1-1.12.1","saltbundlepy-msgpack":"1.0.7-1.14.1","saltbundlepy-ply":"3.11-1.8.1","saltbundlepy-ply-doc":"3.11-1.8.1","saltbundlepy-testsuite":"3.11.11-1.32.1","saltbundlepy-tools":"3.11.11-1.32.1","saltbundlepy-tornado":"6.3.2-1.12.2","saltbundlepy-zypp-plugin":"0.6.5-1.11.1","venv-salt-minion":"3006.0-1.59.1"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:SaltBundle:Update","name":"saltbundlepy-tornado","purl":"pkg:rpm/suse/saltbundlepy-tornado&distro=SUSE:EL-9:Update:Products:SaltBundle:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.3.2-1.12.2"}
],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"saltbundlepy":"3.11.11-1.32.1","saltbundlepy-base":"3.11.11-1.32.1","saltbundlepy-curses":"3.11.11-1.32.1","saltbundlepy-cython":"0.29.37-1.12.2","saltbundlepy-dbm":"3.11.11-1.32.1","saltbundlepy-devel":"3.11.11-1.32.1","saltbundlepy-jinja2":"3.1.2-1.12.2","saltbundlepy-libs":"3.11.11-1.32.1","saltbundlepy-lxml":"4.9.4-1.21.1","saltbundlepy-lxml-devel":"4.9.4-1.21.1","saltbundlepy-lxml-doc":"4.9.4-1.21.1","saltbundlepy-m2crypto":"0.45.1-1.12.1","saltbundlepy-m2crypto-doc":"0.45.1-1.12.1","saltbundlepy-msgpack":"1.0.7-1.14.1","saltbundlepy-ply":"3.11-1.8.1","saltbundlepy-ply-doc":"3.11-1.8.1","saltbundlepy-testsuite":"3.11.11-1.32.1","saltbundlepy-tools":"3.11.11-1.32.1","saltbundlepy-tornado":"6.3.2-1.12.2","saltbundlepy-zypp-plugin":"0.6.5-1.11.1","venv-salt-minion":"3006.0-1.59.1"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:SaltBundle:Update","name":"saltbundlepy-zypp-plugin","purl":"pkg:rpm/suse/saltbundlepy-zypp-plugin&distro=SUSE:EL-9:Update:Products:SaltBundle:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.6.5-1.11.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"saltbundlepy":"3.11.11-1.32.1","saltbundlepy-base":"3.11.11-1.32.1","saltbundlepy-curses":"3.11.11-1.32.1","saltbundlepy-cython":"0.29.37-1.12.2","saltbundlepy-dbm":"3.11.11-1.32.1","saltbundlepy-devel":"3.11.11-1.32.1","saltbundlepy-jinja2":"3.1.2-1.12.2","saltbundlepy-libs":"3.11.11-1.32.1","saltbundlepy-lxml":"4.9.4-1.21.1","saltbundlepy-lxml-devel":"4.9.4-1.21.1","saltbundlepy-lxml-doc":"4.9.4-1.21.1","saltbundlepy-m2crypto":"0.45.1-1.12.1","saltbundlepy-m2crypto-doc":"0.45.1-1.12.1","saltbundlepy-msgpack":"1.0.7-1.14.1","saltbundlepy-ply":"3.11-1.8.1","saltbundlepy-ply-doc":"3.11-1.8.1","saltbundlepy-testsuite":"3.11.11-1.32.1","saltbundlepy-tools":"3.11.11-1.32.1","saltbundlepy-tornado":"6.3.2-1.12.2","saltbundlepy-zypp-plugin":"0.6.5-1.11.1","venv-salt-minion":"3006.0-1.59.1"}]},"package":{"ecosys
tem":"SUSE:EL-9:Update:Products:SaltBundle:Update","name":"venv-salt-minion","purl":"pkg:rpm/suse/venv-salt-minion&distro=SUSE:EL-9:Update:Products:SaltBundle:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3006.0-1.59.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"venv-salt-minion":"3006.0-1.59.1"}]},"package":{"ecosystem":"SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS","name":"venv-salt-minion","purl":"pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3006.0-1.59.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update fixes the following issues:\n\nvenv-salt-minion:\n    \n- Security issues fixed:\n  \n  - CVE-2024-38822: Fixed Minion token validation (bsc#1244561)\n  - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564)\n  - CVE-2024-38824: Fixed directory traversal vulnerability in recv_file method (bsc#1244565)\n  - CVE-2024-38825: Fixed salt.auth.pki module authentication issue (bsc#1244566)\n  - CVE-2025-22240: Fixed arbitrary directory creation or file deletion with GitFS (bsc#1244567)\n  - CVE-2025-22236: Fixed Minion event bus authorization bypass (bsc#1244568)\n  - CVE-2025-22241: Fixed the use of un-validated input in the VirtKey class (bsc#1244570)\n  - CVE-2025-22237: Fixed exploitation of the 'on demand' pillar functionality (bsc#1244571)\n  - CVE-2025-22238: Fixed the master's default cache vulnerability to a directory traversal attack (bsc#1244572)\n  - CVE-2025-22239: Fixed the arbitrary event injection on the Salt Master (bsc#1244574) \n  - CVE-2025-22242: Fixed a Denial of Service vulnerability through file read operation (bsc#1244575)\n  - CVE-2025-47287: Fixed a Denial of Service vulnerability in Tornado logging behavior (bsc#1243268)\n\n- Other bugs fixed:\n\n  - Added subsystem filter to 
udev.exportdb (bsc#1236621)\n  - Fixed Ubuntu 24.04 test failures\n  - Fixed refresh of osrelease and related grains on Python 3.10+\n  - Fixed issue requiring proper Python flavor for dependencies\n  - Fixed VIRTUAL_ENV variable in activate file to point to actual path\n  - Fixed the bundle path in pyvenv.cfg\n  - Prevent test failures when pygit2 is not present\n\n","id":"SUSE-SU-2025:02499-1","modified":"2025-07-23T12:46:00Z","published":"2025-07-23T12:46:00Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502499-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236621"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243268"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244561"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244564"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244565"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244566"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244567"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244568"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244570"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244571"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244572"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244574"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244575"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-38822"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-38823"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-38824"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-38825"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22236"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22237"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22238"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22239"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE
-2025-22240"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22241"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22242"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47287"}],"related":["CVE-2024-38822","CVE-2024-38823","CVE-2024-38824","CVE-2024-38825","CVE-2025-22236","CVE-2025-22237","CVE-2025-22238","CVE-2025-22239","CVE-2025-22240","CVE-2025-22241","CVE-2025-22242","CVE-2025-47287"],"summary":"Security update 5.0.5 for Multi-Linux Manager Salt Bundle","upstream":["CVE-2024-38822","CVE-2024-38823","CVE-2024-38824","CVE-2024-38825","CVE-2025-22236","CVE-2025-22237","CVE-2025-22238","CVE-2025-22239","CVE-2025-22240","CVE-2025-22241","CVE-2025-22242","CVE-2025-47287"]}