File _patchinfo of Package patchinfo.16558
<patchinfo incident="16558"> <issue tracker="bnc" id="1171257">Minion did not return. [No response] on salt under Python 3.8</issue> <issue tracker="bnc" id="1176293">According to pip/setuptools, salt depends on msgpack!=0.5.5,<1.0.0,>=0.5, but I can install python3-salt in Tumbleweed, which has python3-msgpack 1.0.0</issue> <issue tracker="bnc" id="1185092">Required Salt "ansiblegate" improvements for SUSE Manager 4.2 are missing on SLE15SP3:GA</issue> <issue tracker="bnc" id="1179831">Scheduled SSH-Push Tasks throws Exception and cause Salt-API to fail</issue> <issue tracker="bnc" id="1181368">L3: Ubuntu salt-minion freezes running salt-call state.apply</issue> <issue tracker="bnc" id="1182293">nothing provides python3-distro needed by python3-salt-3002.2-8.25.1.x86_64</issue> <issue tracker="bnc" id="1182281">SSH-Push/Salt-SSH "Adding minions for job xyz: [None]" cause unhandled Exception and salt-api to crash</issue> <issue tracker="bnc" id="1185281">VUL-0: CVE-2021-31607: salt: Command injection in the snapper module</issue> <issue tracker="bnc" id="1186674">Package installation fails on Ubuntu 20.04 SSH minion because dpkgnotify is not found</issue> <issue tracker="cve" id="2020-11651"/> <issue tracker="cve" id="2021-31607"/> <issue tracker="cve" id="2020-11652"/> <issue tracker="cve" id="2018-15751"/> <issue tracker="cve" id="2018-15750"/> <issue tracker="cve" id="2020-25592"/> <issue tracker="jsc" id="ECO-3212"/> <issue tracker="jsc" id="SLE-18028"/> <issue tracker="jsc" id="SLE-18033"/> <issue tracker="bnc" id="1182382">VUL-0: CVE-2021-25315: salt: salt-api unauthenticated remote code exec</issue> <issue tracker="cve" id="2021-25315"/> <packager>PSuarezHernandez</packager> <rating>critical</rating> <category>security</category> <summary>Security update for salt</summary> <description>This update for salt fixes the following issues: Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028) - Check if dpkgnotify is executable (bsc#1186674) - Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028) - virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devices passthrough support - Set distro requirement to oldest supported version in requirements/base.txt - Bring missing part of async batch implementation back (CVE-2021-25315, bsc#1182382) - Always require `python3-distro` (bsc#1182293) - Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing - Fix pkg states when DEB package has "all" arch - Do not force beacons configuration to be a list. - Remove msgpack < 1.0.0 from base requirements (bsc#1176293) - msgpack support for version >= 1.0.0 (bsc#1171257) - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607) - transactional_update: detect recursion in the executor - Add subpackage salt-transactional-update (jsc#SLE-18033) - Improvements on "ansiblegate" module (bsc#1185092): * New methods: ansible.targets / ansible.discover_playbooks - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Regression fix of salt-ssh on processing targets - Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281) - Add notify beacon for Debian/Ubuntu systems - Fix zmq bug that causes salt-call to freeze (bsc#1181368) This update was imported from the SUSE:SLE-15-SP2:Update update project. </description> <zypp_restart_needed/> </patchinfo>
