Overview

File _patchinfo of Package patchinfo.7393

<patchinfo incident="7393">
  <issue id="1059758" tracker="bnc">Minion resource exhaustion when many functions are being executing in parallel</issue>
  <issue id="1062462" tracker="bnc">VUL-0: CVE-2017-14695: salt: directory traversal vulnerability in minion id validation</issue>
  <issue id="1062464" tracker="bnc">VUL-0: CVE-2017-14696: salt: Remote DoS with a specially crafted authentication request</issue>
  <issue id="1042749" tracker="bnc">salt-bash-completion creates /some/where/~/.cache/salt-comp-cache_functions</issue>
  <issue id="1061407" tracker="bnc">Wrong version reported by Salt 2017.7.1 on the CLI and grains (products:next)</issue>
  <issue id="1052264" tracker="bnc">Add patches to salt to support SUSE Manager scalability features</issue>
  <issue id="985112" tracker="bnc">salt-master process reaches 'TasksMax' on SLES12 SP2 and fails</issue>
  <issue id="2017-14696" tracker="cve" />
  <issue id="2017-14695" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>tampakrap</packager>
  <description>
  
Salt was updated to 2017.7.2 and also to fix various bugs and security issues.

See https://docs.saltstack.com/en/develop/topics/releases/2017.7.2.html for full changelog.

Security issues fixed:

- CVE-2017-14695: A directory traversal during minion id validation was fixed. (boo#1062462)
- CVE-2017-14696: A remote denial of service attack with a specially crafted authentication request was fixed. (boo#1062464)

Non security issues fixed:

- Add possibility to generate _version.py at the build time for
  raw builds: https://github.com/saltstack/salt/pull/43955
- Fix salt target-type field returns "String" for existing 
  jids but an empty "Array" for non existing jids. (issue #1711)
- Fixed minion resource exhaustion when many functions are being
  executed in parallel (boo#1059758)
- Remove 'TasksTask' attribute from salt-master.service in older
  versions of systemd (boo#985112)
- Provide custom SUSE salt-master.service file.
- Fix wrong version reported by Salt (boo#1061407)
- list_pkgs: add parameter for returned attribute selection (boo#1052264)
- Adding the leftover for zypper and yum list_pkgs functionality.
- Use $HOME to get the user home directory instead using '~' char (boo#1042749)
</description>
  <summary>Security update for salt</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places