Detections
Analytics

openSUSE Security Update : salt (openSUSE-2018-388)

critical Nessus Plugin ID 109293

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for salt fixes the following issues :

 - [Regression] Permission problem: salt-ssh minion boostrap doesn't work anymore. (bsc#1027722)

 - wrong use of os_family string for Suse in the locale module and others (bsc#1038855)

 - Cannot bootstrap a host using 'Manage system completely via SSH (will not install an agent)' (bsc#1002529)

 - add user to or replace members of group not working with SLES11 SPx (bsc#978150)

 - SLES-12-GA client fail to start salt minion (SUSE MANAGER 3.0) (bsc#991048)

 - salt pkg.latest raises exception if package is not availible (bsc#1012999)

 - pkg.list_products on 'registerrelease' and 'productline' returns boolean.False if empty (bsc#989193)

 - SLES-12-SP1 salt-minion clients has no Base Channel added by default (bsc#986019)

 - 'The system requires a reboot' does not disappear from web-UI despite the reboot (bsc#1017078)

 - Remove option -f from startproc (bsc#975733)

 - [PYTHON2] package salt-minion requires /usr/bin/python (bsc#1081592)

 - Upgrading packages on RHEL6/7 client fails (bsc#1068566)

 - /var/log/salt has insecure permissions (bsc#1071322)

 - [Minion-bootstrapping] Invalid char cause server (salt-master ERROR) (bsc#1011304)

 - CVE-2016-9639: Possible information leak due to revoked keys still being used (bsc#1012398)

 - Bootstrapping SLES12 minion invalid (bsc#1053376)

 - Minions not correctly onboarded if Proxy has multiple FQDNs (bsc#1063419)

 - salt --summary '*' <function> reporting '# of minions that did not return' wrongly (bsc#972311)

 - RH-L3 SALT - Stacktrace if nscd package is not present when using nscd state (bsc#1027044)

 - Inspector broken: no module 'query' or 'inspector' while querying or inspecting (bsc#989798)

 - [ Regression ]Centos7 Minion remote command execution from gui or cli , minion not responding (bsc#1027240)

 - SALT, minion_id generation doesn't match the newhostname (bsc#967803)

 - Salt API server shuts down when SSH call with no matches is issued (bsc#1004723)

 - /var/log/salt/minion fails logrotate (bsc#1030009)

 - Salt proxy test.ping crashes (bsc#975303)

 - salt master flood log with useless messages (bsc#985661)

 - After bootstrap salt client has deprecation warnings (bsc#1041993)

 - Head: salt 2017.7.2 starts salt-master as user root (bsc#1064520)

 - CVE-2017-12791: Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master (bsc#1053955)

 - salt-2017.7.2 - broken %post script for salt-master (bsc#1079048)

 - Tearing down deployment with SaltStack Kubernetes module always shows error (bsc#1059291)

 - lvm.vg_present does not recognize PV with certain LVM filter settings. (bsc#988506)

 - High state fails: No service execution module loaded:
 check support for service (bsc#1065792)

 - When multiple versions of a package are installed on a minion, patch status may vary (bsc#972490)

 - Salt cp.push does not work on SUMA 3.2 Builds because of python3.4 (bsc#1075950)

 - timezone modue does not update /etc/sysconfig/clock (bsc#1008933)

 - Add patches to salt to support SUSE Manager scalability features (bsc#1052264)

 - salt-minion failed to start on minimal RHEL6 because of DBus exception during load of snapper module (bsc#993039)

 - Permission denied: '/var/run/salt-master.pid' (bsc#1050003)

 - Jobs scheduled to run at a future time stay pending for Salt minions (bsc#1036125)

 - Backport kubernetes-modules to salt (bsc#1051948)

 - After highstate: The minion function caused an exception (bsc#1068446)

 - VUL-0: CVE-2017-14695: salt: directory traversal vulnerability in minion id validation (bsc#1062462)

 - unable to update salt-minion on RHEL (bsc#1022841)

 - Nodes run out of memory due to salt-minion process (bsc#983512)

 - [Proxy] 'Broken pipe' during bootstrap of salt minion (bsc#1039370)

 - incorrect return code from /etc/rc.d/salt-minion (bsc#999852)

 - CVE-2017-5200: Salt-ssh via api let's run arbitrary commands as user salt (bsc#1011800)

 - beacons.conf on salt-minion not processed (bsc#1060230)

 - SLES11 SP3 salt-minion Client Cannot Select Base Channel (bsc#975093)

 - salt-ssh sys.doc gives authentication failure without arguments (bsc#1019386)

 - minion bootstrapping: error when bootstrap SLE11 clients (bsc#990439)

 - Certificate Deployment Fails for SLES11 SP3 Clients (bsc#975757)

 - state.module run() does not translate varargs (bsc#1025896)

Solution

Update the affected salt packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1002529

https://bugzilla.opensuse.org/show_bug.cgi?id=1004723

https://bugzilla.opensuse.org/show_bug.cgi?id=1008933

https://bugzilla.opensuse.org/show_bug.cgi?id=1011304

https://bugzilla.opensuse.org/show_bug.cgi?id=1011800

https://bugzilla.opensuse.org/show_bug.cgi?id=1012398

https://bugzilla.opensuse.org/show_bug.cgi?id=1012999

https://bugzilla.opensuse.org/show_bug.cgi?id=1017078

https://bugzilla.opensuse.org/show_bug.cgi?id=1019386

https://bugzilla.opensuse.org/show_bug.cgi?id=1022841

https://bugzilla.opensuse.org/show_bug.cgi?id=1025896

https://bugzilla.opensuse.org/show_bug.cgi?id=1027044

https://bugzilla.opensuse.org/show_bug.cgi?id=1027240

https://bugzilla.opensuse.org/show_bug.cgi?id=1027722

https://bugzilla.opensuse.org/show_bug.cgi?id=1030009

https://bugzilla.opensuse.org/show_bug.cgi?id=1036125

https://bugzilla.opensuse.org/show_bug.cgi?id=1038855

https://bugzilla.opensuse.org/show_bug.cgi?id=1039370

https://bugzilla.opensuse.org/show_bug.cgi?id=1041993

https://bugzilla.opensuse.org/show_bug.cgi?id=1050003

https://bugzilla.opensuse.org/show_bug.cgi?id=1051948

https://bugzilla.opensuse.org/show_bug.cgi?id=1052264

https://bugzilla.opensuse.org/show_bug.cgi?id=1053376

https://bugzilla.opensuse.org/show_bug.cgi?id=1053955

https://bugzilla.opensuse.org/show_bug.cgi?id=1059291

https://bugzilla.opensuse.org/show_bug.cgi?id=1060230

https://bugzilla.opensuse.org/show_bug.cgi?id=1062462

https://bugzilla.opensuse.org/show_bug.cgi?id=1063419

https://bugzilla.opensuse.org/show_bug.cgi?id=1064520

https://bugzilla.opensuse.org/show_bug.cgi?id=1065792

https://bugzilla.opensuse.org/show_bug.cgi?id=1068446

https://bugzilla.opensuse.org/show_bug.cgi?id=1068566

https://bugzilla.opensuse.org/show_bug.cgi?id=1071322

https://bugzilla.opensuse.org/show_bug.cgi?id=1075950

https://bugzilla.opensuse.org/show_bug.cgi?id=1079048

https://bugzilla.opensuse.org/show_bug.cgi?id=1081592

https://bugzilla.opensuse.org/show_bug.cgi?id=967803

https://bugzilla.opensuse.org/show_bug.cgi?id=972311

https://bugzilla.opensuse.org/show_bug.cgi?id=972490

https://bugzilla.opensuse.org/show_bug.cgi?id=975093

https://bugzilla.opensuse.org/show_bug.cgi?id=975303

https://bugzilla.opensuse.org/show_bug.cgi?id=975733

https://bugzilla.opensuse.org/show_bug.cgi?id=975757

https://bugzilla.opensuse.org/show_bug.cgi?id=978150

https://bugzilla.opensuse.org/show_bug.cgi?id=983512

https://bugzilla.opensuse.org/show_bug.cgi?id=985661

https://bugzilla.opensuse.org/show_bug.cgi?id=986019

https://bugzilla.opensuse.org/show_bug.cgi?id=988506

https://bugzilla.opensuse.org/show_bug.cgi?id=989193

https://bugzilla.opensuse.org/show_bug.cgi?id=989798

https://bugzilla.opensuse.org/show_bug.cgi?id=990439

https://bugzilla.opensuse.org/show_bug.cgi?id=991048

https://bugzilla.opensuse.org/show_bug.cgi?id=993039

https://bugzilla.opensuse.org/show_bug.cgi?id=999852

https://features.opensuse.org/

Plugin Details

Severity: Critical

ID: 109293

File Name: openSUSE-2018-388.nasl

Version: 1.7

Type: local

Agent: unix

Published: 4/24/2018

Updated: 10/25/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2017-5200

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2017-14695

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:salt-minion, p-cpe:/a:novell:opensuse:salt-syndic, p-cpe:/a:novell:opensuse:salt-cloud, p-cpe:/a:novell:opensuse:salt-fish-completion, p-cpe:/a:novell:opensuse:salt-ssh, p-cpe:/a:novell:opensuse:salt-zsh-completion, p-cpe:/a:novell:opensuse:python2-salt, p-cpe:/a:novell:opensuse:python3-salt, p-cpe:/a:novell:opensuse:salt-master, p-cpe:/a:novell:opensuse:salt-bash-completion, cpe:/o:novell:opensuse:42.3, p-cpe:/a:novell:opensuse:salt, p-cpe:/a:novell:opensuse:salt-proxy, p-cpe:/a:novell:opensuse:salt-api

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/23/2018

Reference Information

CVE: CVE-2016-9639, CVE-2017-12791, CVE-2017-14695, CVE-2017-14696, CVE-2017-5200

IAVB: 2017-B-0112-S