File _patchinfo of Package patchinfo.6185

<patchinfo incident="6185">
  <zypp_restart_needed/>
  <rating>moderate</rating>
  <packager>juliogonzalezgil</packager>
  <category>security</category>
  <summary>Security update for Salt</summary>
  <description>This update for salt fixes one security issue and bugs.

The following security issues have been fixed:

- CVE-2017-14695: A directory traversal vulnerability in minion id validation allowed remote minions with incorrect
  credentials to authenticate to a master via a crafted minion ID. (bsc#1062462)
- CVE-2017-14696: It was possible to force a remote Denial of Service with a specially crafted authentication 
  request. (bsc#1062464)

Additionally, the following non-security issues have been fixed:

- Removed deprecation warning for beacon configuration using dictionaries. (bsc#1041993)
- Fixed beacons failure when pillar-based configuration suppresses config-based configuration. (bsc#1060230)
- Fixed minion resource exhaustion when many functions are being executed in parallel. (bsc#1059758)
- Removed 'TasksMax' attribute from salt-master.service in older versions of systemd. (bsc#985112)
- Fix for delete_deployment in Kubernetes module. (bsc#1059291)
- Catch the error when the PID file cannot be deleted. (bsc#1050003)
- Use $HOME to get the user home directory instead of using the '~' character. (bsc#1042749)
</description>
  <issue id="1041993" tracker="bnc">After bootstrap salt client has deprecation warnings</issue>
  <issue id="1042749" tracker="bnc">salt-bash-completion creates /some/where/~/.cache/salt-comp-cache_functions</issue>
  <issue id="1050003" tracker="bnc">Permission denied: '/var/run/salt-master.pid'</issue>
  <issue id="1059291" tracker="bnc">Tearing down deployment with SaltStack Kubernetes module always shows error</issue>
  <issue id="1059758" tracker="bnc">Minion resource exhaustion when many functions are being executing in parallel</issue>
  <issue id="1060230" tracker="bnc">beacons.conf on salt-minion not processed</issue>
  <issue id="1062462" tracker="bnc">CVE-2017-14695: salt: directory traversal vulnerability in minion id validation</issue>
  <issue id="1062464" tracker="bnc">CVE-2017-14696: salt: Remote DoS with a specially crafted authentication request</issue>
  <issue id="985112" tracker="bnc">salt-master process reaches 'TasksMax' on SLES12 SP2 and fails</issue>
  <issue id="2017-14695" tracker="cve"/>
  <issue id="2017-14696" tracker="cve"/>
</patchinfo>