File _patchinfo of Package patchinfo.9328
<patchinfo incident="9328"> <issue tracker="bnc" id="1113698">VUL-0: CVE-2018-15750: salt: directory traversal vulnerability in salt-api</issue> <issue tracker="bnc" id="1113699">VUL-0: CVE-2018-15751: salt: remote authentication bypass in salt-api(netapi) allows to execute arbitrary commands</issue> <issue tracker="bnc" id="1110938">L3: salt-minion WARNING on restart sumautil.py & module.run deprecated version Sodium</issue> <issue tracker="bnc" id="1113784">L3: Test for group and create group fails when running from SUMA, works when run from client</issue> <issue id="1114197" tracker="bnc">null value in column "server_arch_id"</issue> <issue tracker="cve" id="2018-15750"/> <issue tracker="cve" id="2018-15751"/> <issue tracker="bnc" id="1112874">L3-Question: salt master + multiple ext_pillar - possible unexpected behaviour</issue> <issue tracker="bnc" id="1114824">cron.file broken: "Unable to manage file: manage_file() takes at least 11 arguments (10 given)"</issue> <category>security</category> <rating>important</rating> <packager>juliogonzalezgil</packager> <description>This update for salt fixes the following issues: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699). Non-security issues fixed: - Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations (bsc#1113784). - Fixed async call to process manager (bsc#1110938) - Fixed OS arch detection when RPM is not installed (bsc#1114197) - Crontab module fix: file attributes option missing (bsc#1114824) - Fix git_pillar merging across multiple __env__ repositories (bsc#1112874) This update was imported from the SUSE:SLE-15:Update update project. </description> <summary>Security update for salt</summary> </patchinfo>
