Overview

File _patchinfo of Package patchinfo.16896

<patchinfo incident="16896">
  <issue tracker="bnc" id="1178485">Regression: salt ssh identity file is created with double quotes as passphrase</issue>
  <issue tracker="bnc" id="1176397">Failed to apply highstate and errors "...was not found in SLS"</issue>
  <issue tracker="bnc" id="1177867">L3: salt: blkid() got an unexpected keyword argument '__pub_user'</issue>
  <issue tracker="bnc" id="1175987">Xen virtual machine created with Salt fails to boot</issue>
  <issue tracker="bnc" id="1176294">salt RPM scriptlet contains syntax error</issue>
  <issue tracker="bnc" id="1176024">UTF-8 trouble in Python 2.7 minion environment</issue>
  <issue tracker="bnc" id="1159670">Salt's pkg.search logs unnecessary errors</issue>
  <issue tracker="bnc" id="1178361">VUL-0: CVE-2020-16846: salt: unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt-API using the SSH client.</issue>
  <issue tracker="bnc" id="1178319">VUL-0: CVE-2020-25592: salt: Salt-netapi improperly validates eauth credentials and tokens.</issue>
  <issue tracker="bnc" id="1178362">VUL-0: CVE-2020-17490: salt: SSL keys were not created with correct file permissions</issue>
  <issue tracker="cve" id="2020-16846"/>
  <issue tracker="cve" id="2020-25592"/>
  <issue tracker="cve" id="2020-17490"/>
  <packager>PSuarezHernandez</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for salt</summary>
  <description>This update for salt fixes the following issues:

- Avoid regression on "salt-master": set passphrase for salt-ssh keys to empty string (bsc#1178485)
- Properly validate eauth credentials and tokens on SSH calls made by Salt API 
  (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846)
- Fix disk.blkid to avoid unexpected keyword argument '__pub_user'. (bsc#1177867)
- Ensure virt.update stop_on_reboot is updated with its default value.
- Do not break package building for systemd OSes.
- Drop wrong mock from chroot unit test.
- Support systemd versions with dot. (bsc#1176294)
- Fix for grains.test_core unit test.
- Fix file/directory user and group ownership containing UTF-8 characters. (bsc#1176024)
- Several changes to virtualization:
  * Fix virt update when cpu and memory are changed.
  * Memory Tuning GSoC.
  * Properly fix memory setting regression in virt.update.
  * Expose libvirt on_reboot in virt states.
- Support transactional systems (MicroOS).
- zypperpkg module ignores retcode 104 for search(). (bsc#1159670)
- Xen disk fixes. No longer generates volumes for Xen disks, but the corresponding file or block disk. (bsc#1175987)
- Invalidate file list cache when cache file modified time is in the future. (bsc#1176397)
- Prevent import errors when running test_btrfs unit tests
</description>
  <zypp_restart_needed/>
</patchinfo>
openSUSE Build Service is sponsored by
Places