Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for salt

Salt was updated to 2017.7.2 and also to fix various bugs and security issues.

See the following resources for the full changelog:
https://docs.saltstack.com/en/develop/topics/releases/2017.7.2.html
https://docs.saltstack.com/en/develop/topics/releases/2017.7.1.html
https://docs.saltstack.com/en/develop/topics/releases/2017.7.0.html

Security issues fixed:

- CVE-2017-14695: A directory traversal during minion id validation was fixed. (boo#1062462)
- CVE-2017-14696: A remote denial of service attack with a specially crafted authentication request was fixed. (boo#1062464)
- CVE-2017-12791: crafted minion ID could lead directory traversal on the Salt-master (boo#1053955)

Non security issues fixed:

- Add possibility to generate _version.py at the build time for
raw builds: https://github.com/saltstack/salt/pull/43955
- Fix salt target-type field returns "String" for existing
jids but an empty "Array" for non existing jids. (issue #1711)
- Fixed minion resource exhaustion when many functions are being
executed in parallel (boo#1059758)
- Remove 'TasksTask' attribute from salt-master.service in older
versions of systemd (boo#985112)
- Provide custom SUSE salt-master.service file.
- Fix wrong version reported by Salt (boo#1061407)
- list_pkgs: add parameter for returned attribute selection (boo#1052264)
- Adding the leftover for zypper and yum list_pkgs functionality.
- Use $HOME to get the user home directory instead using '~' char (boo#1042749)
- fix ownership for whole master cache directory (boo#1035914)
- fix setting the language on SUSE systems (boo#1038855)
- wrong os_family grains on SUSE - fix unittests (boo#1038855)
- speed-up cherrypy by removing sleep call
- Disable 3rd party runtime packages to be explicitly recommended.
(boo#1040886)
- fix format error (boo#1043111)
- Add a salt-minion watchdog for RHEL6 and SLES11 systems (sysV)
to restart salt-minion in case of crashes during upgrade.
- Add procps as dependency.
- Bugfix: jobs scheduled to run at a future time stay
pending for Salt minions (boo#1036125)
- Wrong os_family grains on SUSE - fix unittests. (boo#1038855)
- Fix setting the language on SUSE systems. (boo#1038855)
- Bugfix: unable to use hostname for minion ID as '127'. (upstream)
- Bugfix: remove sleep call in CheppryPy API handler. (upstream)
- Fix core grains constants for timezone. (boo#1032931)
- Prevents zero length error on Python 2.6.
- Fixes zypper test error after backporting.
- Refactoring on Zypper and Yum execution and state modules to allow
installation of patches/errata.
- Allows to set 'timeout' and 'gather_job_timeout' via kwargs.
- Add missing bootstrap script for Salt Cloud. (boo#1032452)
- raet protocol is no longer supported. (boo#1020831)
- Fix: add missing /var/cache/salt/cloud directory. (boo#1032213)
- Cleanup salt user environment preparation. (boo#1027722)
- Fix: race condition on cache directory creation.
- Fix: /var/log/salt/minion fails logrotate. (boo#1030009)
- Fix: Result of master_tops extension is mutually overwritten.
(boo#1030073)
- Allows to set custom timeouts for 'manage.up' and 'manage.status'.
- Keep fix for migrating salt home directory. (boo#1022562)
- Fix salt-minion update on RHEL. (boo#1022841)
- Prevents 'OSError' exception in case certain job cache path
doesn't exist. (boo#1023535)

Fixed bugs
bnc#1059758
Minion resource exhaustion when many functions are being executing in parallel
bnc#1062462
VUL-0: CVE-2017-14695: salt: directory traversal vulnerability in minion id validation
bnc#1062464
VUL-0: CVE-2017-14696: salt: Remote DoS with a specially crafted authentication request
bnc#1042749
salt-bash-completion creates /some/where/~/.cache/salt-comp-cache_functions
bnc#1061407
Wrong version reported by Salt 2017.7.1 on the CLI and grains (products:next)
bnc#1052264
Add patches to salt to support SUSE Manager scalability features
bnc#985112
salt-master process reaches 'TasksMax' on SLES12 SP2 and fails
CVE-2017-14696
CVE-2017-14695
bnc#1053955
VUL-0: CVE-2017-12791: salt: Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master
bnc#1038855
wrong use of os_family string for Suse in the locale module and others
bnc#1043111
format error in log message
bnc#1035914
Trying to bootstrap any minion: "permission denied: '/tmp/.root_9e39f9_salt/running_data'"
bnc#1040886
salt-minion recommends mariadb
bnc#1036125
Jobs scheduled to run at a future time stay pending for Salt minions
CVE-2017-12791
bnc#1027722
[Regression] Permission problem: salt-ssh minion boostrap doesn't work anymore.
bnc#1038855
wrong use of os_family string for Suse in the locale module and others
bnc#1023535
minion-action-cleanup in taskomatic keeps failing
bnc#1032452
salt-cloud package misses deployment scripts
bnc#1022841
unable to update salt-minion on RHEL
bnc#1032931
[Salt] timezone.get_zone does not work on SLE11
bnc#1030073
Result of master_tops extension is mutually overwritten
bnc#1020831
salt-raet installation causes salt-master to crash
bnc#1022562
Regression: salt-ssh minion boostrap doesn't work anymore.
bnc#1030009
/var/log/salt/minion fails logrotate
bnc#1032213
salt-cloud package missing directory
Selected Binaries
openSUSE Build Service is sponsored by
Places