File _patchinfo of Package patchinfo.18401

<patchinfo incident="18401">
  <issue tracker="cve" id="2020-35662"/>
  <issue tracker="cve" id="2021-25281"/>
  <issue tracker="cve" id="2021-3148"/>
  <issue tracker="cve" id="2021-25283"/>
  <issue tracker="cve" id="2021-3144"/>
  <issue tracker="cve" id="2021-3197"/>
  <issue tracker="cve" id="2021-25284"/>
  <issue tracker="cve" id="2021-25282"/>
  <issue tracker="cve" id="2020-28243"/>
  <issue tracker="cve" id="2020-28972"/>
  <issue tracker="bnc" id="1181559">VUL-0: CVE-2021-25281: salt: API does not honor eAuth credentials for the wheel_async client</issue>
  <issue tracker="bnc" id="1181560">VUL-0: CVE-2021-25282: salt: salt.wheel.pillar_roots.write method is vulnerable to directory traversal</issue>
  <issue tracker="bnc" id="1181564">VUL-0: CVE-2021-3197: salt: Salt-API's SSH client is vulnerable to a shell injection by including ProxyCommand in an argument</issue>
  <issue tracker="bnc" id="1181561">VUL-0: CVE-2021-25283: salt: jinja render does not protect against server-side template injection attacks</issue>
  <issue tracker="bnc" id="1181556">VUL-0: CVE-2020-28243: salt: possible privilege escalation on a minion when an unprivileged user is able to create files in any non-blacklisted directory</issue>
  <issue tracker="bnc" id="1181550">VUL-0: salt: February 2021 release</issue>
  <issue tracker="bnc" id="1181565">VUL-0: CVE-2020-35662: salt: certain modules do not always validated SSL certificates</issue>
  <issue tracker="bnc" id="1181563">VUL-0: CVE-2021-25284: salt: Salt.modules.cmdmod can log credential to the &#8220;error&#8221; log level</issue>
  <issue tracker="bnc" id="1181557">VUL-0: CVE-2020-28972: salt: authentication to vCenter, vSphere, and ESXi servers does not always validate the SSL/TLS certificate</issue>
  <issue tracker="bnc" id="1181558">VUL-0: CVE-2021-3148: salt: possible command injection when sending crafted web requests to the Salt API via SSH client</issue>
  <issue tracker="bnc" id="1181562">VUL-0: CVE-2021-3144: salt: eauth tokens can be used once after expiration</issue>
  <packager>juliogonzalezgil</packager>
  <rating>moderate</rating>
  <category>recommended</category>
  <summary>Recommended update for SUSE Manager 4.1.5.1 Release Notes</summary>
  <description>This update for SUSE Manager 4.1.5.1 Release Notes provides the following additions:

Release notes for SUSE Manager:

- Revision 4.1.5.1
- Bugs mentioned
  bsc#1181550, bsc#1181556, bsc#1181557, bsc#1181558, bsc#1181559, bsc#1181560, bsc#1181561, bsc#1181562, bsc#1181563, 
  bsc#1181564, bsc#1181565, CVE-2021-25281, CVE-2021-25282, CVE-2021-3197, CVE-2021-25283, CVE-2020-28243, 
  CVE-2020-35662, CVE-2021-25284, CVE-2020-28972, CVE-2021-3148, CVE-2021-3144

Release notes for SUSE Manager proxy:

- Revision 4.1.5.1
  bsc#1181550, bsc#1181556, bsc#1181557, bsc#1181558, bsc#1181559, bsc#1181560, bsc#1181561, bsc#1181562, bsc#1181563, 
  bsc#1181564, bsc#1181565, CVE-2021-25281, CVE-2021-25282, CVE-2021-3197, CVE-2021-25283, CVE-2020-28243, 
  CVE-2020-35662, CVE-2021-25284, CVE-2020-28972, CVE-2021-3148, CVE-2021-3144
</description>
</patchinfo>