|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2018:3815-1)|
|Summary:||The remote host is missing an update for the 'salt' package(s) announced via the SUSE-SU-2018:3815-1 advisory.|
The remote host is missing an update for the 'salt' package(s) announced via the SUSE-SU-2018:3815-1 advisory.
This update for salt fixes the following issues:
Security issues fixed:
CVE-2018-15750: Fixed directory traversal vulnerability in salt-api
CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi)
that allows to execute arbitrary commands (bsc#1113699).
Non-security issues fixed:
Improved handling of LDAP group id. gid is no longer treated as a
string, which could have lead to faulty group creations (bsc#1113784).
Fixed async call to process manager (bsc#1110938).
Fixed OS arch detection when RPM is not installed (bsc#1114197).
'salt' package(s) on SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Basesystem 15
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2018-15750|
Common Vulnerability Exposure (CVE) ID: CVE-2018-15751
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.