Overview

File _patchinfo of Package patchinfo.23384

<patchinfo incident="23384">
  <issue tracker="cve" id="2022-22935"/>
  <issue tracker="cve" id="2022-22941"/>
  <issue tracker="cve" id="2022-22936"/>
  <issue tracker="cve" id="2022-22934"/>
  <issue tracker="bnc" id="1197417">VUL-0: EMBARGOED: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941: salt: 3002.8,3004.1 release</issue>
  <packager>juliogonzalezgil</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for salt</summary>
  <description>This update for salt fixes the following issues:

- CVE-2022-22935: Sign authentication replies to prevent MiTM (bsc#1197417)
- CVE-2022-22934: Sign pillar data to prevent MiTM attacks. (bsc#1197417)
- CVE-2022-22936: Prevent job and fileserver replays (bsc#1197417)
- CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. (bsc#1197417)
</description>
  <zypp_restart_needed/>
</patchinfo>
openSUSE Build Service is sponsored by
Places