Overview

File _patchinfo of Package patchinfo.41614

<patchinfo incident="41614">
  <issue tracker="ijsc" id="MSQA-1034"/>
  <issue tracker="bnc" id="1227207">Failure to fetch ext_pillar git</issue>
  <issue tracker="bnc" id="1252244">Leap 16 Salt and Tornado</issue>
  <issue tracker="bnc" id="1251776">Tumbleweed minion no longer connecting to Leap master: "The payload signature did not validate.'"</issue>
  <issue tracker="bnc" id="1250755">salt-minion does not start due to broken symlink</issue>
  <issue tracker="bnc" id="1252285">shadow module spwd NameError on Leap 16</issue>
  <issue tracker="bnc" id="1250520">L3: Error fetching Salt gitfs repository: error loading known_hosts</issue>
  <issue tracker="bnc" id="1254256">VUL-0: CVE-2025-62348: salt: Unsafe yaml decoder in junos execution module</issue>
  <issue tracker="bnc" id="1254257">VUL-0: CVE-2025-62349: salt: Authentication downgrade</issue>
  <issue tracker="cve" id="2025-62349"/>
  <issue tracker="cve" id="2025-62348"/>
  <packager>mczernek</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for salt</summary>
  <description>This update for salt fixes the following issues:

- Security issues fixed:

  - CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257)
  - CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)
  - Backport security fixes for vendored tornado
    * BDSA-2024-3438
    * BDSA-2024-3439
    * BDSA-2024-9026

- Other changes and bugs fixed:

  - Fixed TLS and x509 modules for OSes with older cryptography module
  - Fixed Salt for Python &gt; 3.11 (bsc#1252285) (bsc#1252244)
    * Use external tornado on Python &gt; 3.11
    * Make tls and x509 to use python-cryptography
    * Remove usage of spwd
  - Fixed payload signature verification on Tumbleweed (bsc#1251776)
  - Fixed broken symlink on migration to Leap 16.0 (bsc#1250755)
  - Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)
  - Improved SL Micro 6.2 detection with grains
  - Reverted requirement of M2Crypto &gt;= 0.44.0 for SUSE Family distros
  - Set python-CherryPy as required for python-salt-testsuite

</description>
  <zypp_restart_needed/>
</patchinfo>
openSUSE Build Service is sponsored by
Places