Security update for salt
This update for salt fixes the following issues:
- Support querying for JSON data in external sql pillar.
- Exclude the full path of a download URL to prevent injection of malicious code.
(bsc#1190265, CVE-2021-21996)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
-
Submitted by
Pablo Suárez Hernández (PSuarezHernandez)
- Restart package-manager is suggested
Fixed bugs
bnc#1190265
VUL-0: CVE-2021-21996: salt: root exploit on minion when able to access a file source
