{"affected":[{"ecosystem_specific":{"binaries":[{"python2-salt":"2019.2.0-5.64.1","python3-salt":"2019.2.0-5.64.1","salt":"2019.2.0-5.64.1","salt-api":"2019.2.0-5.64.1","salt-bash-completion":"2019.2.0-5.64.1","salt-cloud":"2019.2.0-5.64.1","salt-doc":"2019.2.0-5.64.1","salt-fish-completion":"2019.2.0-5.64.1","salt-master":"2019.2.0-5.64.1","salt-minion":"2019.2.0-5.64.1","salt-proxy":"2019.2.0-5.64.1","salt-ssh":"2019.2.0-5.64.1","salt-standalone-formulas-configuration":"2019.2.0-5.64.1","salt-syndic":"2019.2.0-5.64.1","salt-zsh-completion":"2019.2.0-5.64.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-ESPOS","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2019.2.0-5.64.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python2-salt":"2019.2.0-5.64.1","python3-salt":"2019.2.0-5.64.1","salt":"2019.2.0-5.64.1","salt-api":"2019.2.0-5.64.1","salt-bash-completion":"2019.2.0-5.64.1","salt-cloud":"2019.2.0-5.64.1","salt-doc":"2019.2.0-5.64.1","salt-fish-completion":"2019.2.0-5.64.1","salt-master":"2019.2.0-5.64.1","salt-minion":"2019.2.0-5.64.1","salt-proxy":"2019.2.0-5.64.1","salt-ssh":"2019.2.0-5.64.1","salt-standalone-formulas-configuration":"2019.2.0-5.64.1","salt-syndic":"2019.2.0-5.64.1","salt-zsh-completion":"2019.2.0-5.64.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-LTSS","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2019.2.0-5.64.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python2-salt":"2019.2.0-5.64.1","python3-salt":"2019.2.0-5.64.1","salt":"2019.2.0-5.64.1","salt-api":"2019.2.0-5.64.1","salt-bash-completion":"2019.2.0-5.64.1","salt-cloud":"2019.2.0-5.64.1","salt-doc":"2019.2.0-5.64.1","salt-fish-completion":"2019.2.0-5.64.1","salt-master":"2019.2.0-5.64.1","salt-minion":"2019.2.0-5.64.1","salt-proxy":"2019.2.0-5.64.1","salt-ssh":"2019.2.0-5.64.1","salt-standalone-formulas-configuration":"2019.2.0-5.64.1","salt-syndic":"2019.2.0-5.64.1","salt-zsh-completion":"2019.2.0-5.64.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15-LTSS","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2019.2.0-5.64.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python2-salt":"2019.2.0-5.64.1","python3-salt":"2019.2.0-5.64.1","salt":"2019.2.0-5.64.1","salt-api":"2019.2.0-5.64.1","salt-bash-completion":"2019.2.0-5.64.1","salt-cloud":"2019.2.0-5.64.1","salt-doc":"2019.2.0-5.64.1","salt-fish-completion":"2019.2.0-5.64.1","salt-master":"2019.2.0-5.64.1","salt-minion":"2019.2.0-5.64.1","salt-proxy":"2019.2.0-5.64.1","salt-ssh":"2019.2.0-5.64.1","salt-standalone-formulas-configuration":"2019.2.0-5.64.1","salt-syndic":"2019.2.0-5.64.1","salt-zsh-completion":"2019.2.0-5.64.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2019.2.0-5.64.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update fixes the following issues:\n\nsalt:\n\n- RHEL/CentOS 8 uses platform-python instead of python3\n- New configuration option for selection of grains in the minion start event.\n- Fix 'os_family' grain for Astra Linux Common Edition\n- Fix for salt-api NET API where unauthenticated attacker could run\n  arbitrary code (CVE-2019-17361) (bsc#1162504)\n- Adds disabled parameter to mod_repo in aptpkg module\n- Move token with atomic operation\n- Bad API token files get deleted (bsc#1160931)\n- Support for Btrfs and XFS in parted and mkfs added\n- Adds list_downloaded for apt Module to enable pre-downloading support\n- Adds virt.(pool|network)_get_xml functions\n- Virt: adding kernel boot parameters to libvirt xml\n- Fix to scheduler when data['run'] does not exist (bsc#1159118)\n- Fix virt states to not fail on VMs already stopped\n- Fix applying of attributes for returner rawfile_json (bsc#1158940)\n- Xfs: do not fail if type is not present (bsc#1153611)\n- Don't use __python indirection macros on spec file\n  %__python is no longer defined in RPM 4.15 (python2 is going EOL in Jan 2020);\n  additionally, python/python3 are just binaries in the path.\n- Fix errors when running virt.get_hypervisor function\n- Align virt.full_info fixes with upstream Salt\n- Fix for log checking in x509 test\n- Prevent test_mod_del_repo_multiline_values to fail\n- Read repo info without using interpolation (bsc#1135656)\n- Replacing pycrypto with M2Crypto as dependency for >= SLE15 (bsc#1165425)\n- Batch Async: Handle exceptions, properly unregister and close instances\n  after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327)\n- Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897)\n","id":"SUSE-RU-2020:0625-1","modified":"2020-03-10T09:39:57Z","published":"2020-03-10T09:39:57Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/-2020-625/suse-ru-20200625-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135656"},{"type":"REPORT","url":"https://bugzilla.suse.com/1153611"},{"type":"REPORT","url":"https://bugzilla.suse.com/1157465"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158940"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159118"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160931"},{"type":"REPORT","url":"https://bugzilla.suse.com/1162327"},{"type":"REPORT","url":"https://bugzilla.suse.com/1162504"},{"type":"REPORT","url":"https://bugzilla.suse.com/1165425"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17361"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18897"}],"related":["CVE-2019-17361","CVE-2019-18897"],"summary":"Recommended update for Salt","upstream":["CVE-2019-17361","CVE-2019-18897"]}