Overview

File _patchinfo of Package patchinfo.9310

<patchinfo incident="9310">
  <issue tracker="bnc" id="1113698">VUL-0: CVE-2018-15750: salt: directory traversal vulnerability in salt-api</issue>
  <issue tracker="bnc" id="1113699">VUL-0: CVE-2018-15751: salt: remote authentication bypass in salt-api(netapi) allows to execute arbitrary commands</issue>
  <issue tracker="bnc" id="1110938">L3: salt-minion WARNING on restart sumautil.py &amp; module.run deprecated version Sodium</issue>
  <issue tracker="bnc" id="1113784">L3: Test for group and create group fails when running from SUMA, works when run from client</issue>
  <issue id="1114197" tracker="bnc">null value in column &quot;server_arch_id&quot;</issue>
  <issue tracker="cve" id="2018-15750"/>
  <issue tracker="cve" id="2018-15751"/>
  <category>security</category>
  <rating>important</rating>
  <packager>juliogonzalezgil</packager>
  <description>This update for salt fixes the following issues:

Security issues fixed:

- CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698).
- CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699).

Non-security issues fixed:

- Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations (bsc#1113784).
- Fixed async call to process manager (bsc#1110938).
- Fixed OS arch detection when RPM is not installed (bsc#1114197).
</description>
  <summary>Security update for salt</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places