Sicherheit: Zwei Probleme in Salt - Pro-Linux

   SUSE Security Update: Security update for Salt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0881-1
Rating:             moderate
References:         #1114029 #1122680 #1125015 
Cross-References:   CVE-2018-15750 CVE-2018-15751
Affected Products:
                    SUSE Manager Tools 12-BETA
______________________________________________________________________________

   An update that solves two vulnerabilities and has one
   errata is now available.

Description:

   This update fixes the following issues:

   salt:

   - Removing patch to add root paramet to zypper module
   - Patch modification due to offset caused by previous patch removal
   - Fix for -t parameter in mount module
   - Async batch implementation
   - Update to 2019.2 release
   - Add virt.volume_infos and virt.volume_delete functions
   - Bugfix: properly refresh pillars (bsc#1125015)
   - Removes version from python3 requirement completely
   - Alignment with Salt 2019.2.0 RC2 from upstream.
   - Update to 2019.2.0~rc2
   - Add virt.all_capabilities to return all host and domain capabilities at
     once
   - Don't call zypper with more than one --no-refresh (PR#51382)
   - Switch to better version nomenclature. Using ~ for the rc1 suffix.
   - Add "id_" and "force" to the whitelist of API check
   - Add metadata to accepted keyword arguments (bsc#1122680)
   - Fix "pkg.list_pkgs" output when using "attr" to take the
 arch into
     account (bsc#1114029)
   - Update Salt to 2019.2.0rc1

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
 methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 12-BETA:

      zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2019-881=1

Package List:

   - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):

      libzmq3-4.0.4-18.2.1
      libzmq3-debuginfo-4.0.4-18.2.1
      python-MarkupSafe-0.18-6.3.1
      python-MarkupSafe-debuginfo-0.18-6.3.1
      python-MarkupSafe-debugsource-0.18-6.3.1
      python-PyYAML-3.12-29.2.1
      python-PyYAML-debuginfo-3.12-29.2.1
      python-PyYAML-debugsource-3.12-29.2.1
      python-msgpack-python-0.4.6-11.2.1
      python-msgpack-python-debuginfo-0.4.6-11.2.1
      python-msgpack-python-debugsource-0.4.6-11.2.1
      python-psutil-5.2.2-18.2.1
      python-psutil-debuginfo-5.2.2-18.2.1
      python-psutil-debugsource-5.2.2-18.2.1
      python-pycrypto-2.6.1-13.2.1
      python-pyzmq-14.0.0-12.2.1
      python-pyzmq-debuginfo-14.0.0-12.2.1
      python-pyzmq-debugsource-14.0.0-12.2.1
      python-tornado-4.2.1-20.2.1
      python-tornado-debuginfo-4.2.1-20.2.1
      python-tornado-debugsource-4.2.1-20.2.1
      python2-salt-2019.2.0-49.3.8
      python3-MarkupSafe-0.18-6.3.1
      python3-PyYAML-3.12-29.2.1
      python3-msgpack-python-0.4.6-11.2.1
      python3-psutil-5.2.2-18.2.1
      python3-pycrypto-2.6.1-13.2.1
      python3-pyzmq-14.0.0-12.2.1
      python3-salt-2019.2.0-49.3.8
      python3-tornado-4.2.1-20.2.1
      salt-2019.2.0-49.3.8
      salt-doc-2019.2.0-49.3.8
      salt-minion-2019.2.0-49.3.8
      zeromq-debugsource-4.0.4-18.2.1

   - SUSE Manager Tools 12-BETA (ppc64le s390x x86_64):

      python-pycrypto-debuginfo-2.6.1-13.2.1

   - SUSE Manager Tools 12-BETA (noarch):

      python-Jinja2-2.8-22.2.1
      python-futures-3.0.2-18.2.1
      python-requests-2.11.1-9.2.1
      python3-Jinja2-2.8-22.2.1
      python3-requests-2.11.1-9.2.1

References:

   https://www.suse.com/security/cve/CVE-2018-15750.html
   https://www.suse.com/security/cve/CVE-2018-15751.html
   https://bugzilla.suse.com/1114029
   https://bugzilla.suse.com/1122680
   https://bugzilla.suse.com/1125015

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates