SUSE-SU-2023:3877-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3877-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2023:3877-1
- Related
- Published
- 2023-09-28T11:47:21Z
- Modified
- 2023-09-28T11:47:21Z
- Summary
- Security update for SUSE Manager Salt Bundle
- Details
-
This update fixes the following issues:
venv-salt-minion:
- Security issues fixed:
- CVE-2023-20897: Do not fail on bad message pack message (bsc#1213441)
- CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. (bsc#1214797, bsc#1193948)
- Bugs fixed:
- Revert usage of long running REQ channel to prevent possible missing responses on requests and duplicated responses (bsc#1213960, bsc#1213630, bsc#1213257)
- Create minionid with reproducible mtime
- Do not recompile SELinux policy module on building. Use precompiled module instead to avoid incompatibility errors.
- Fix broken tests to make them running in the testsuite
- Fix detection of Salt codename by 'saltversion' execution module
- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix utf8 handling in 'pass' renderer and make it more robust
- Fix zypper repositories always being reconfigured
- Make sure configured user is properly set by Salt (bsc#1210994)
- Prevent possible exceptions on salt.utils.user.getgroupdict (bsc#1212794)
- Ship SELinux policy module version 19 to make it compatible with broader list of Linux distributions
- Security issues fixed:
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20233877-1/
- https://bugzilla.suse.com/1193948
- https://bugzilla.suse.com/1210994
- https://bugzilla.suse.com/1212794
- https://bugzilla.suse.com/1212844
- https://bugzilla.suse.com/1212855
- https://bugzilla.suse.com/1213257
- https://bugzilla.suse.com/1213441
- https://bugzilla.suse.com/1213630
- https://bugzilla.suse.com/1213960
- https://bugzilla.suse.com/1214796
- https://bugzilla.suse.com/1214797
- https://bugzilla.suse.com/1215489
- https://www.suse.com/security/cve/CVE-2023-20897
- https://www.suse.com/security/cve/CVE-2023-20898
Affected packages
SUSE:Manager Tools 15 / venv-salt-minion
Package
- Name
- venv-salt-minion
- Purl
- purl:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Tools%2015
SUSE:Manager Tools for SLE Micro 5 / venv-salt-minion
Package
- Name
- venv-salt-minion
- Purl
- purl:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Tools%20for%20SLE%20Micro%205
SUSE:Manager Proxy Module 4.3 / venv-salt-minion
Package
- Name
- venv-salt-minion
- Purl
- purl:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Proxy%20Module%204.3