Security update for salt SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:0627-1 Final 1 1 2021-02-26T10:11:25Z current 2021-02-26T10:11:25Z 2021-02-26T10:11:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for salt This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for `grub.xen` path - Xen spicevmc, DNS SRV records backports: - Fix virtual network generated DNS XML for SRV records - Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when `efi=True` The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-Azure-BYOS-2021-627,Image SLES12-SP5-Azure-HPC-BYOS-2021-627,Image SLES12-SP5-Azure-SAP-BYOS-2021-627,Image SLES12-SP5-EC2-BYOS-2021-627,Image SLES12-SP5-EC2-SAP-BYOS-2021-627,Image SLES12-SP5-GCE-BYOS-2021-627,Image SLES12-SP5-GCE-SAP-BYOS-2021-627,SUSE-2021-627,SUSE-SLE-Manager-Tools-12-2021-627,SUSE-SLE-Module-Adv-Systems-Management-12-2021-627,SUSE-SLE-POS-12-SP2-2021-627 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20210627-1/ Link for SUSE-SU-2021:0627-1 https://lists.suse.com/pipermail/sle-security-updates/2021-February/008390.html E-Mail link for SUSE-SU-2021:0627-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1181550 SUSE Bug 1181550 https://bugzilla.suse.com/1181556 SUSE Bug 1181556 https://bugzilla.suse.com/1181557 SUSE Bug 1181557 https://bugzilla.suse.com/1181558 SUSE Bug 1181558 https://bugzilla.suse.com/1181559 SUSE Bug 1181559 https://bugzilla.suse.com/1181560 SUSE Bug 1181560 https://bugzilla.suse.com/1181561 SUSE Bug 1181561 https://bugzilla.suse.com/1181562 SUSE Bug 1181562 https://bugzilla.suse.com/1181563 SUSE Bug 1181563 https://bugzilla.suse.com/1181564 SUSE Bug 1181564 https://bugzilla.suse.com/1181565 SUSE Bug 1181565 https://bugzilla.suse.com/1182740 SUSE Bug 1182740 https://www.suse.com/security/cve/CVE-2020-28243/ SUSE CVE CVE-2020-28243 page https://www.suse.com/security/cve/CVE-2020-28972/ SUSE CVE CVE-2020-28972 page https://www.suse.com/security/cve/CVE-2020-35662/ SUSE CVE CVE-2020-35662 page https://www.suse.com/security/cve/CVE-2021-25281/ SUSE CVE CVE-2021-25281 page https://www.suse.com/security/cve/CVE-2021-25282/ SUSE CVE CVE-2021-25282 page https://www.suse.com/security/cve/CVE-2021-25283/ SUSE CVE CVE-2021-25283 page https://www.suse.com/security/cve/CVE-2021-25284/ SUSE CVE CVE-2021-25284 page https://www.suse.com/security/cve/CVE-2021-3144/ SUSE CVE CVE-2021-3144 page https://www.suse.com/security/cve/CVE-2021-3148/ SUSE CVE CVE-2021-3148 page https://www.suse.com/security/cve/CVE-2021-3197/ SUSE CVE CVE-2021-3197 page Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-SAP-BYOS SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Point of Sale 12 SP2 SUSE Manager Client Tools 12 python2-salt-3000-46.129.1 salt-3000-46.129.1 salt-minion-3000-46.129.1 python3-salt-3000-46.129.1 salt-api-3000-46.129.1 salt-bash-completion-3000-46.129.1 salt-cloud-3000-46.129.1 salt-doc-3000-46.129.1 salt-fish-completion-3000-46.129.1 salt-master-3000-46.129.1 salt-proxy-3000-46.129.1 salt-ssh-3000-46.129.1 salt-standalone-formulas-configuration-3000-46.129.1 salt-syndic-3000-46.129.1 salt-zsh-completion-3000-46.129.1 python2-salt-3000-46.129.1 as a component of Image SLES12-SP5-Azure-BYOS salt-3000-46.129.1 as a component of Image SLES12-SP5-Azure-BYOS salt-minion-3000-46.129.1 as a component of Image SLES12-SP5-Azure-BYOS python2-salt-3000-46.129.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS salt-3000-46.129.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS salt-minion-3000-46.129.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS python2-salt-3000-46.129.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS salt-3000-46.129.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS salt-minion-3000-46.129.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS python2-salt-3000-46.129.1 as a component of Image SLES12-SP5-EC2-BYOS salt-3000-46.129.1 as a component of Image SLES12-SP5-EC2-BYOS salt-minion-3000-46.129.1 as a component of Image SLES12-SP5-EC2-BYOS python2-salt-3000-46.129.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS salt-3000-46.129.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS salt-minion-3000-46.129.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS python2-salt-3000-46.129.1 as a component of Image SLES12-SP5-GCE-BYOS salt-3000-46.129.1 as a component of Image SLES12-SP5-GCE-BYOS salt-minion-3000-46.129.1 as a component of Image SLES12-SP5-GCE-BYOS python2-salt-3000-46.129.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS salt-3000-46.129.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS salt-minion-3000-46.129.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS python2-salt-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 salt-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 salt-api-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 salt-bash-completion-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 salt-cloud-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 salt-doc-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 salt-master-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 salt-minion-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 salt-proxy-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 salt-ssh-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 salt-standalone-formulas-configuration-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 salt-syndic-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 salt-zsh-completion-3000-46.129.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 python2-salt-3000-46.129.1 as a component of SUSE Linux Enterprise Point of Sale 12 SP2 salt-3000-46.129.1 as a component of SUSE Linux Enterprise Point of Sale 12 SP2 salt-minion-3000-46.129.1 as a component of SUSE Linux Enterprise Point of Sale 12 SP2 python2-salt-3000-46.129.1 as a component of SUSE Manager Client Tools 12 python3-salt-3000-46.129.1 as a component of SUSE Manager Client Tools 12 salt-3000-46.129.1 as a component of SUSE Manager Client Tools 12 salt-doc-3000-46.129.1 as a component of SUSE Manager Client Tools 12 salt-minion-3000-46.129.1 as a component of SUSE Manager Client Tools 12 An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. CVE-2020-28243 Image SLES12-SP5-Azure-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:python2-salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-api-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-bash-completion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-cloud-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-doc-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-master-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-proxy-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-ssh-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-standalone-formulas-configuration-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-syndic-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-zsh-completion-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:python2-salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-3000-46.129.1 SUSE Manager Client Tools 12:python2-salt-3000-46.129.1 SUSE Manager Client Tools 12:python3-salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-doc-3000-46.129.1 SUSE Manager Client Tools 12:salt-minion-3000-46.129.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210627-1/ https://www.suse.com/security/cve/CVE-2020-28243.html CVE-2020-28243 https://bugzilla.suse.com/1181550 SUSE Bug 1181550 https://bugzilla.suse.com/1181556 SUSE Bug 1181556 In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. CVE-2020-28972 Image SLES12-SP5-Azure-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:python2-salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-api-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-bash-completion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-cloud-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-doc-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-master-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-proxy-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-ssh-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-standalone-formulas-configuration-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-syndic-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-zsh-completion-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:python2-salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-3000-46.129.1 SUSE Manager Client Tools 12:python2-salt-3000-46.129.1 SUSE Manager Client Tools 12:python3-salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-doc-3000-46.129.1 SUSE Manager Client Tools 12:salt-minion-3000-46.129.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210627-1/ https://www.suse.com/security/cve/CVE-2020-28972.html CVE-2020-28972 https://bugzilla.suse.com/1181550 SUSE Bug 1181550 https://bugzilla.suse.com/1181557 SUSE Bug 1181557 In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. CVE-2020-35662 Image SLES12-SP5-Azure-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:python2-salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-api-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-bash-completion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-cloud-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-doc-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-master-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-proxy-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-ssh-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-standalone-formulas-configuration-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-syndic-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-zsh-completion-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:python2-salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-3000-46.129.1 SUSE Manager Client Tools 12:python2-salt-3000-46.129.1 SUSE Manager Client Tools 12:python3-salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-doc-3000-46.129.1 SUSE Manager Client Tools 12:salt-minion-3000-46.129.1 critical 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210627-1/ https://www.suse.com/security/cve/CVE-2020-35662.html CVE-2020-35662 https://bugzilla.suse.com/1181550 SUSE Bug 1181550 https://bugzilla.suse.com/1181565 SUSE Bug 1181565 An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. CVE-2021-25281 Image SLES12-SP5-Azure-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:python2-salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-api-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-bash-completion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-cloud-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-doc-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-master-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-proxy-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-ssh-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-standalone-formulas-configuration-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-syndic-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-zsh-completion-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:python2-salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-3000-46.129.1 SUSE Manager Client Tools 12:python2-salt-3000-46.129.1 SUSE Manager Client Tools 12:python3-salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-doc-3000-46.129.1 SUSE Manager Client Tools 12:salt-minion-3000-46.129.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210627-1/ https://www.suse.com/security/cve/CVE-2021-25281.html CVE-2021-25281 https://bugzilla.suse.com/1181550 SUSE Bug 1181550 https://bugzilla.suse.com/1181559 SUSE Bug 1181559 An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. CVE-2021-25282 Image SLES12-SP5-Azure-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:python2-salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-api-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-bash-completion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-cloud-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-doc-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-master-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-proxy-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-ssh-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-standalone-formulas-configuration-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-syndic-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-zsh-completion-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:python2-salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-3000-46.129.1 SUSE Manager Client Tools 12:python2-salt-3000-46.129.1 SUSE Manager Client Tools 12:python3-salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-doc-3000-46.129.1 SUSE Manager Client Tools 12:salt-minion-3000-46.129.1 critical 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210627-1/ https://www.suse.com/security/cve/CVE-2021-25282.html CVE-2021-25282 https://bugzilla.suse.com/1181550 SUSE Bug 1181550 https://bugzilla.suse.com/1181560 SUSE Bug 1181560 An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. CVE-2021-25283 Image SLES12-SP5-Azure-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:python2-salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-api-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-bash-completion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-cloud-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-doc-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-master-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-proxy-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-ssh-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-standalone-formulas-configuration-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-syndic-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-zsh-completion-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:python2-salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-3000-46.129.1 SUSE Manager Client Tools 12:python2-salt-3000-46.129.1 SUSE Manager Client Tools 12:python3-salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-doc-3000-46.129.1 SUSE Manager Client Tools 12:salt-minion-3000-46.129.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210627-1/ https://www.suse.com/security/cve/CVE-2021-25283.html CVE-2021-25283 https://bugzilla.suse.com/1181550 SUSE Bug 1181550 https://bugzilla.suse.com/1181561 SUSE Bug 1181561 An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. CVE-2021-25284 Image SLES12-SP5-Azure-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:python2-salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-api-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-bash-completion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-cloud-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-doc-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-master-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-proxy-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-ssh-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-standalone-formulas-configuration-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-syndic-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-zsh-completion-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:python2-salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-3000-46.129.1 SUSE Manager Client Tools 12:python2-salt-3000-46.129.1 SUSE Manager Client Tools 12:python3-salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-doc-3000-46.129.1 SUSE Manager Client Tools 12:salt-minion-3000-46.129.1 critical 1.9 AV:L/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210627-1/ https://www.suse.com/security/cve/CVE-2021-25284.html CVE-2021-25284 https://bugzilla.suse.com/1181550 SUSE Bug 1181550 In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) CVE-2021-3144 Image SLES12-SP5-Azure-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:python2-salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-api-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-bash-completion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-cloud-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-doc-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-master-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-proxy-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-ssh-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-standalone-formulas-configuration-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-syndic-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-zsh-completion-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:python2-salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-3000-46.129.1 SUSE Manager Client Tools 12:python2-salt-3000-46.129.1 SUSE Manager Client Tools 12:python3-salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-doc-3000-46.129.1 SUSE Manager Client Tools 12:salt-minion-3000-46.129.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210627-1/ https://www.suse.com/security/cve/CVE-2021-3144.html CVE-2021-3144 https://bugzilla.suse.com/1181550 SUSE Bug 1181550 https://bugzilla.suse.com/1181562 SUSE Bug 1181562 An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. CVE-2021-3148 Image SLES12-SP5-Azure-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:python2-salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-api-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-bash-completion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-cloud-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-doc-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-master-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-proxy-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-ssh-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-standalone-formulas-configuration-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-syndic-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-zsh-completion-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:python2-salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-3000-46.129.1 SUSE Manager Client Tools 12:python2-salt-3000-46.129.1 SUSE Manager Client Tools 12:python3-salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-doc-3000-46.129.1 SUSE Manager Client Tools 12:salt-minion-3000-46.129.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210627-1/ https://www.suse.com/security/cve/CVE-2021-3148.html CVE-2021-3148 https://bugzilla.suse.com/1181550 SUSE Bug 1181550 https://bugzilla.suse.com/1181558 SUSE Bug 1181558 An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. CVE-2021-3197 Image SLES12-SP5-Azure-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-HPC-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-Azure-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-EC2-SAP-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-BYOS:salt-minion-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:python2-salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-3000-46.129.1 Image SLES12-SP5-GCE-SAP-BYOS:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:python2-salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-api-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-bash-completion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-cloud-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-doc-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-master-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-minion-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-proxy-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-ssh-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-standalone-formulas-configuration-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-syndic-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-zsh-completion-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:python2-salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-3000-46.129.1 SUSE Manager Client Tools 12:python2-salt-3000-46.129.1 SUSE Manager Client Tools 12:python3-salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-3000-46.129.1 SUSE Manager Client Tools 12:salt-doc-3000-46.129.1 SUSE Manager Client Tools 12:salt-minion-3000-46.129.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210627-1/ https://www.suse.com/security/cve/CVE-2021-3197.html CVE-2021-3197 https://bugzilla.suse.com/1181550 SUSE Bug 1181550 https://bugzilla.suse.com/1181564 SUSE Bug 1181564