{"affected":[{"ecosystem_specific":{"binaries":[{"python2-salt":"2019.2.0-46.88.1","python3-salt":"2019.2.0-46.88.1","salt":"2019.2.0-46.88.1","salt-doc":"2019.2.0-46.88.1","salt-minion":"2019.2.0-46.88.1"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 12","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Manager%20Client%20Tools%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2019.2.0-46.88.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python2-salt":"2019.2.0-46.88.1","salt":"2019.2.0-46.88.1","salt-api":"2019.2.0-46.88.1","salt-bash-completion":"2019.2.0-46.88.1","salt-cloud":"2019.2.0-46.88.1","salt-doc":"2019.2.0-46.88.1","salt-master":"2019.2.0-46.88.1","salt-minion":"2019.2.0-46.88.1","salt-proxy":"2019.2.0-46.88.1","salt-ssh":"2019.2.0-46.88.1","salt-standalone-formulas-configuration":"2019.2.0-46.88.1","salt-syndic":"2019.2.0-46.88.1","salt-zsh-completion":"2019.2.0-46.88.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Advanced Systems Management 12","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2019.2.0-46.88.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python2-salt":"2019.2.0-46.88.1","salt":"2019.2.0-46.88.1","salt-minion":"2019.2.0-46.88.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 12 SP2","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2019.2.0-46.88.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python2-salt":"2019.2.0-46.88.1","python3-salt":"2019.2.0-46.88.1","salt":"2019.2.0-46.88.1","salt-minion":"2019.2.0-46.88.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy 3.2","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%203.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2019.2.0-46.88.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python2-salt":"2019.2.0-46.88.1","python3-salt":"2019.2.0-46.88.1","salt":"2019.2.0-46.88.1","salt-api":"2019.2.0-46.88.1","salt-bash-completion":"2019.2.0-46.88.1","salt-cloud":"2019.2.0-46.88.1","salt-doc":"2019.2.0-46.88.1","salt-master":"2019.2.0-46.88.1","salt-minion":"2019.2.0-46.88.1","salt-proxy":"2019.2.0-46.88.1","salt-ssh":"2019.2.0-46.88.1","salt-standalone-formulas-configuration":"2019.2.0-46.88.1","salt-syndic":"2019.2.0-46.88.1","salt-zsh-completion":"2019.2.0-46.88.1"}]},"package":{"ecosystem":"SUSE:Manager Server 3.2","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2019.2.0-46.88.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update fixes the following issues:\n\nsalt:\n\n- RHEL/CentOS 8 uses platform-python instead of python3\n- New configuration option for selection of grains in the minion start event.\n- Fix 'os_family' grain for Astra Linux Common Edition\n- Fix for salt-api NET API where unauthenticated attacker could run\n  arbitrary code (CVE-2019-17361) (bsc#1162504)\n- Adds disabled parameter to mod_repo in aptpkg module\n- Move token with atomic operation\n- Bad API token files get deleted (bsc#1160931)\n- Support for Btrfs and XFS in parted and mkfs added\n- Adds list_downloaded for apt Module to enable pre-downloading support\n- Adds virt.(pool|network)_get_xml functions\n- Virt: adding kernel boot parameters to libvirt xml\n- Fix to scheduler when data['run'] does not exist (bsc#1159118)\n- Fix virt states to not fail on VMs already stopped\n- Fix applying of attributes for returner rawfile_json (bsc#1158940)\n- Xfs: do not fail if type is not present (bsc#1153611)\n- Don't use __python indirection macros on spec file\n  %__python is no longer defined in RPM 4.15 (python2 is going EOL in Jan 2020);\n  additionally, python/python3 are just binaries in the path.\n- Fix errors when running virt.get_hypervisor function\n- Align virt.full_info fixes with upstream Salt\n- Fix for log checking in x509 test\n- Prevent test_mod_del_repo_multiline_values to fail\n- Read repo info without using interpolation (bsc#1135656)\n- Replacing pycrypto with M2Crypto as dependency for >= SLE15 (bsc#1165425)\n- Batch Async: Handle exceptions, properly unregister and close instances\n  after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327)\n- Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897)\n","id":"SUSE-RU-2020:0685-1","modified":"2020-03-13T13:13:12Z","published":"2020-03-13T13:13:12Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/-2020-685/suse-ru-20200685-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135656"},{"type":"REPORT","url":"https://bugzilla.suse.com/1153611"},{"type":"REPORT","url":"https://bugzilla.suse.com/1157465"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158940"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159118"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160931"},{"type":"REPORT","url":"https://bugzilla.suse.com/1162327"},{"type":"REPORT","url":"https://bugzilla.suse.com/1162504"},{"type":"REPORT","url":"https://bugzilla.suse.com/1165425"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17361"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18897"}],"related":["CVE-2019-17361","CVE-2019-18897"],"summary":"Recommended update for Salt","upstream":["CVE-2019-17361","CVE-2019-18897"]}