openSUSE Security Update : salt (openSUSE-2018-388)

critical Nessus Plugin ID 109293

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for salt fixes the following issues :

- [Regression] Permission problem: salt-ssh minion bootstrap doesn't work anymore. (bsc#1027722)

- wrong use of os_family string for Suse in the locale module and others (bsc#1038855)

- Cannot bootstrap a host using 'Manage system completely via SSH (will not install an agent)' (bsc#1002529)

- add user to or replace members of group not working with SLES11 SPx (bsc#978150)

- SLES-12-GA client fail to start salt minion (SUSE MANAGER 3.0) (bsc#991048)

- salt pkg.latest raises exception if package is not available (bsc#1012999)

- pkg.list_products on 'registerrelease' and 'productline' returns boolean.False if empty (bsc#989193)

- SLES-12-SP1 salt-minion clients has no Base Channel added by default (bsc#986019)

- 'The system requires a reboot' does not disappear from web-UI despite the reboot (bsc#1017078)

- Remove option -f from startproc (bsc#975733)

- [PYTHON2] package salt-minion requires /usr/bin/python (bsc#1081592)

- Upgrading packages on RHEL6/7 client fails (bsc#1068566)

- /var/log/salt has insecure permissions (bsc#1071322)

- [Minion-bootstrapping] Invalid char cause server (salt-master ERROR) (bsc#1011304)

- CVE-2016-9639: Possible information leak due to revoked keys still being used (bsc#1012398)

- Bootstrapping SLES12 minion invalid (bsc#1053376)

- Minions not correctly onboarded if Proxy has multiple FQDNs (bsc#1063419)

- salt --summary '*' <function> reporting '# of minions that did not return' wrongly (bsc#972311)

- RH-L3 SALT - Stacktrace if nscd package is not present when using nscd state (bsc#1027044)

- Inspector broken: no module 'query' or 'inspector' while querying or inspecting (bsc#989798)

- [Regression] Centos7 Minion remote command execution from gui or cli, minion not responding (bsc#1027240)

- SALT, minion_id generation doesn't match the newhostname (bsc#967803)

- Salt API server shuts down when SSH call with no matches is issued (bsc#1004723)

- /var/log/salt/minion fails logrotate (bsc#1030009)

- Salt proxy test.ping crashes (bsc#975303)

- salt master flood log with useless messages (bsc#985661)

- After bootstrap salt client has deprecation warnings (bsc#1041993)

- Head: salt 2017.7.2 starts salt-master as user root (bsc#1064520)

- CVE-2017-12791: Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master (bsc#1053955)

- salt-2017.7.2 - broken %post script for salt-master (bsc#1079048)

- Tearing down deployment with SaltStack Kubernetes module always shows error (bsc#1059291)

- lvm.vg_present does not recognize PV with certain LVM filter settings. (bsc#988506)

- High state fails: No service execution module loaded: check support for service (bsc#1065792)

- When multiple versions of a package are installed on a minion, patch status may vary (bsc#972490)

- Salt cp.push does not work on SUMA 3.2 Builds because of python3.4 (bsc#1075950)

- timezone module does not update /etc/sysconfig/clock (bsc#1008933)

- Add patches to salt to support SUSE Manager scalability features (bsc#1052264)

- salt-minion failed to start on minimal RHEL6 because of DBus exception during load of snapper module (bsc#993039)

- Permission denied: '/var/run/salt-master.pid' (bsc#1050003)

- Jobs scheduled to run at a future time stay pending for Salt minions (bsc#1036125)

- Backport kubernetes-modules to salt (bsc#1051948)

- After highstate: The minion function caused an exception (bsc#1068446)

- VUL-0: CVE-2017-14695: salt: directory traversal vulnerability in minion id validation (bsc#1062462)

- unable to update salt-minion on RHEL (bsc#1022841)

- Nodes run out of memory due to salt-minion process (bsc#983512)

- [Proxy] 'Broken pipe' during bootstrap of salt minion (bsc#1039370)

- incorrect return code from /etc/rc.d/salt-minion (bsc#999852)

- CVE-2017-5200: Salt-ssh via api lets run arbitrary commands as user salt (bsc#1011800)

- beacons.conf on salt-minion not processed (bsc#1060230)

- SLES11 SP3 salt-minion Client Cannot Select Base Channel (bsc#975093)

- salt-ssh sys.doc gives authentication failure without arguments (bsc#1019386)

- minion bootstrapping: error when bootstrap SLE11 clients (bsc#990439)

- Certificate Deployment Fails for SLES11 SP3 Clients (bsc#975757)

- state.module run() does not translate varargs (bsc#1025896)

Solution

Update the affected salt packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1002529

https://bugzilla.opensuse.org/show_bug.cgi?id=1004723

https://bugzilla.opensuse.org/show_bug.cgi?id=1008933

https://bugzilla.opensuse.org/show_bug.cgi?id=1011304

https://bugzilla.opensuse.org/show_bug.cgi?id=1011800

https://bugzilla.opensuse.org/show_bug.cgi?id=1012398

https://bugzilla.opensuse.org/show_bug.cgi?id=1012999

https://bugzilla.opensuse.org/show_bug.cgi?id=1017078

https://bugzilla.opensuse.org/show_bug.cgi?id=1019386

https://bugzilla.opensuse.org/show_bug.cgi?id=1022841

https://bugzilla.opensuse.org/show_bug.cgi?id=1025896

https://bugzilla.opensuse.org/show_bug.cgi?id=1027044

https://bugzilla.opensuse.org/show_bug.cgi?id=1027240

https://bugzilla.opensuse.org/show_bug.cgi?id=1027722

https://bugzilla.opensuse.org/show_bug.cgi?id=1030009

https://bugzilla.opensuse.org/show_bug.cgi?id=1036125

https://bugzilla.opensuse.org/show_bug.cgi?id=1038855

https://bugzilla.opensuse.org/show_bug.cgi?id=1039370

https://bugzilla.opensuse.org/show_bug.cgi?id=1041993

https://bugzilla.opensuse.org/show_bug.cgi?id=1050003

https://bugzilla.opensuse.org/show_bug.cgi?id=1051948

https://bugzilla.opensuse.org/show_bug.cgi?id=1052264

https://bugzilla.opensuse.org/show_bug.cgi?id=1053376

https://bugzilla.opensuse.org/show_bug.cgi?id=1053955

https://bugzilla.opensuse.org/show_bug.cgi?id=1059291

https://bugzilla.opensuse.org/show_bug.cgi?id=1060230

https://bugzilla.opensuse.org/show_bug.cgi?id=1062462

https://bugzilla.opensuse.org/show_bug.cgi?id=1063419

https://bugzilla.opensuse.org/show_bug.cgi?id=1064520

https://bugzilla.opensuse.org/show_bug.cgi?id=1065792

https://bugzilla.opensuse.org/show_bug.cgi?id=1068446

https://bugzilla.opensuse.org/show_bug.cgi?id=1068566

https://bugzilla.opensuse.org/show_bug.cgi?id=1071322

https://bugzilla.opensuse.org/show_bug.cgi?id=1075950

https://bugzilla.opensuse.org/show_bug.cgi?id=1079048

https://bugzilla.opensuse.org/show_bug.cgi?id=1081592

https://bugzilla.opensuse.org/show_bug.cgi?id=967803

https://bugzilla.opensuse.org/show_bug.cgi?id=972311

https://bugzilla.opensuse.org/show_bug.cgi?id=972490

https://bugzilla.opensuse.org/show_bug.cgi?id=975093

https://bugzilla.opensuse.org/show_bug.cgi?id=975303

https://bugzilla.opensuse.org/show_bug.cgi?id=975733

https://bugzilla.opensuse.org/show_bug.cgi?id=975757

https://bugzilla.opensuse.org/show_bug.cgi?id=978150

https://bugzilla.opensuse.org/show_bug.cgi?id=983512

https://bugzilla.opensuse.org/show_bug.cgi?id=985661

https://bugzilla.opensuse.org/show_bug.cgi?id=986019

https://bugzilla.opensuse.org/show_bug.cgi?id=988506

https://bugzilla.opensuse.org/show_bug.cgi?id=989193

https://bugzilla.opensuse.org/show_bug.cgi?id=989798

https://bugzilla.opensuse.org/show_bug.cgi?id=990439

https://bugzilla.opensuse.org/show_bug.cgi?id=991048

https://bugzilla.opensuse.org/show_bug.cgi?id=993039

https://bugzilla.opensuse.org/show_bug.cgi?id=999852

https://features.opensuse.org/

Plugin Details

Severity: Critical

ID: 109293

File Name: openSUSE-2018-388.nasl

Version: 1.7

Type: local

Agent: unix

Published: 4/24/2018

Updated: 10/25/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2017-5200

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2017-14695

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:salt-minion, p-cpe:/a:novell:opensuse:salt-syndic, p-cpe:/a:novell:opensuse:salt-cloud, p-cpe:/a:novell:opensuse:salt-fish-completion, p-cpe:/a:novell:opensuse:salt-ssh, p-cpe:/a:novell:opensuse:salt-zsh-completion, p-cpe:/a:novell:opensuse:python2-salt, p-cpe:/a:novell:opensuse:python3-salt, p-cpe:/a:novell:opensuse:salt-master, p-cpe:/a:novell:opensuse:salt-bash-completion, cpe:/o:novell:opensuse:42.3, p-cpe:/a:novell:opensuse:salt, p-cpe:/a:novell:opensuse:salt-proxy, p-cpe:/a:novell:opensuse:salt-api

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/23/2018

Reference Information

CVE: CVE-2016-9639, CVE-2017-12791, CVE-2017-14695, CVE-2017-14696, CVE-2017-5200

IAVB: 2017-B-0112-S