
Test ID: 1.3.6.1.4.1.25623.1.1.4.2020.0684.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2020:0684-1)
Summary: The remote host is missing an update for the 'salt' package(s) announced via the SUSE-SU-2020:0684-1 advisory.

Description:

Summary:
The remote host is missing an update for the 'salt' package(s) announced via the SUSE-SU-2020:0684-1 advisory.

Vulnerability Insight:
This update for salt fixes the following issues:
Avoid possible user escalation upgrading salt-master (bsc#1157465)
(CVE-2019-18897)

Fix unit tests failures in test_batch_async tests

Batch Async: Handle exceptions, properly unregister and close instances
after running async batching to avoid CPU starvation of the MWorkers
(bsc#1162327)

RHEL/CentOS 8 uses platform-python instead of python3

New configuration option for selection of grains in the minion start
event.

Fix 'os_family' grain for Astra Linux Common Edition

Fix for salt-api NET API where unauthenticated attacker could run
arbitrary code (CVE-2019-17361) (bsc#1162504)

Adds disabled parameter to mod_repo in aptpkg module

Move token with atomic operation

Bad API token files get deleted (bsc#1160931)

Support for Btrfs and XFS in parted and mkfs added

Adds list_downloaded for apt Module to enable pre-downloading support

Adds virt.(pool|network)_get_xml functions

Various libvirt updates:
* Add virt.pool_capabilities function
* virt.pool_running improvements
* Add virt.pool_deleted state
* virt.network_define allow adding IP configuration

virt: adding kernel boot parameters to libvirt xml

Fix to scheduler when data['run'] does not exist (bsc#1159118)

Fix virt states to not fail on VMs already stopped

Fix applying of attributes for returner rawfile_json (bsc#1158940)

xfs: do not fail if type is not present (bsc#1153611)

Fix errors when running virt.get_hypervisor function

Align virt.full_info fixes with upstream Salt

Fix for log checking in x509 test

Read repo info without using interpolation (bsc#1135656)

Limiting M2Crypto to >= SLE15

Replacing pycrypto with M2Crypto (bsc#1165425)

Affected Software/OS:
'salt' package(s) on SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Module for Python2 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2019-17361
Common Vulnerability Exposure (CVE) ID: CVE-2019-18897

Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.