Overview
Security update for salt

This update for salt fixes the following issues:

Security issues fixed:

- CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698).
- CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699).

Non-security issues fixed:

- Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations (bsc#1113784).
- Fixed async call to process manager (bsc#1110938)
- Fixed OS arch detection when RPM is not installed (bsc#1114197)
- Crontab module fix: file attributes option missing (bsc#1114824)
- Fix git_pillar merging across multiple __env__ repositories (bsc#1112874)

This update was imported from the SUSE:SLE-15:Update update project.

Fixed bugs
bnc#1113698
VUL-0: CVE-2018-15750: salt: directory traversal vulnerability in salt-api
bnc#1113699
VUL-0: CVE-2018-15751: salt: remote authentication bypass in salt-api(netapi) allows to execute arbitrary commands
bnc#1110938
L3: salt-minion WARNING on restart sumautil.py & module.run deprecated version Sodium
bnc#1113784
L3: Test for group and create group fails when running from SUMA, works when run from client
bnc#1114197
null value in column "server_arch_id"
CVE-2018-15750
CVE-2018-15751
bnc#1112874
L3-Question: salt master + multiple ext_pillar - possible unexpected behaviour
bnc#1114824
cron.file broken: "Unable to manage file: manage_file() takes at least 11 arguments (10 given)"
Selected Binaries
openSUSE Build Service is sponsored by
Places