Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2016-9639
Vulnerability from cvelistv5
Published
2017-02-07 17:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/25/2 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/25/3 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94553 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/25/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/25/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94553 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key | Vendor Advisory |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:59:03.006Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20161125 CVE Request: salt confidentiality issue", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/25/2", }, { name: "94553", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94553", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key", }, { name: "[oss-security] 20161125 Re: CVE Request: salt confidentiality issue", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/11/25/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-11-25T00:00:00", descriptions: [ { lang: "en", value: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-08T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20161125 CVE Request: salt confidentiality issue", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/25/2", }, { name: "94553", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94553", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key", }, { name: "[oss-security] 20161125 Re: CVE Request: salt confidentiality issue", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/11/25/3", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9639", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20161125 CVE Request: salt confidentiality issue", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/25/2", }, { name: "94553", refsource: "BID", url: "http://www.securityfocus.com/bid/94553", }, { name: "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key", refsource: "CONFIRM", url: "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key", }, { name: "[oss-security] 20161125 Re: CVE Request: salt confidentiality issue", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/25/3", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9639", datePublished: "2017-02-07T17:00:00", dateReserved: "2016-11-25T00:00:00", dateUpdated: "2024-08-06T02:59:03.006Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2016-9639\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-02-07T17:59:00.617\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.\"},{\"lang\":\"es\",\"value\":\"Salt en versiones anteriores a 2015.8.11 permite a minions eliminados para leer o escribir minions con el mismo id, relacionado con el almacenamiento en caché.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2015.8.10\",\"matchCriteriaId\":\"601AD350-4B5C-4987-8B88-25CBB8B070EC\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2016/11/25/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/11/25/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94553\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/11/25/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/11/25/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
opensuse-su-2024:11364-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
python3-salt-3002.2-6.1 on GA media
Notes
Title of the patch
python3-salt-3002.2-6.1 on GA media
Description of the patch
These are all security issues fixed in the python3-salt-3002.2-6.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11364
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "python3-salt-3002.2-6.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the python3-salt-3002.2-6.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11364", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11364-1.json", }, { category: "self", summary: "SUSE CVE CVE-2016-9639 page", url: "https://www.suse.com/security/cve/CVE-2016-9639/", }, { category: "self", summary: "SUSE CVE CVE-2017-12791 page", url: "https://www.suse.com/security/cve/CVE-2017-12791/", }, { category: "self", summary: "SUSE CVE CVE-2017-14695 page", url: "https://www.suse.com/security/cve/CVE-2017-14695/", }, { category: "self", summary: "SUSE CVE CVE-2017-14696 page", url: "https://www.suse.com/security/cve/CVE-2017-14696/", }, { category: "self", summary: "SUSE CVE CVE-2018-15750 page", url: "https://www.suse.com/security/cve/CVE-2018-15750/", }, { category: "self", summary: "SUSE CVE CVE-2018-15751 page", url: "https://www.suse.com/security/cve/CVE-2018-15751/", }, { category: "self", summary: "SUSE CVE CVE-2019-17361 page", url: "https://www.suse.com/security/cve/CVE-2019-17361/", }, { category: "self", summary: "SUSE CVE CVE-2019-18897 page", url: "https://www.suse.com/security/cve/CVE-2019-18897/", }, { category: "self", summary: "SUSE CVE CVE-2020-11651 page", url: "https://www.suse.com/security/cve/CVE-2020-11651/", }, { category: "self", summary: "SUSE CVE CVE-2020-25592 page", url: "https://www.suse.com/security/cve/CVE-2020-25592/", }, { category: "self", summary: "SUSE CVE CVE-2020-28243 page", url: "https://www.suse.com/security/cve/CVE-2020-28243/", }, { category: "self", summary: "SUSE CVE CVE-2021-21996 page", url: "https://www.suse.com/security/cve/CVE-2021-21996/", }, { category: "self", summary: "SUSE CVE CVE-2021-25281 page", url: "https://www.suse.com/security/cve/CVE-2021-25281/", }, { category: "self", summary: "SUSE CVE CVE-2021-25315 page", url: "https://www.suse.com/security/cve/CVE-2021-25315/", }, { category: "self", summary: "SUSE CVE CVE-2021-31607 page", url: "https://www.suse.com/security/cve/CVE-2021-31607/", }, ], title: "python3-salt-3002.2-6.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11364-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python3-salt-3002.2-6.1.aarch64", product: { name: "python3-salt-3002.2-6.1.aarch64", product_id: "python3-salt-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-3002.2-6.1.aarch64", product: { name: "salt-3002.2-6.1.aarch64", product_id: "salt-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-api-3002.2-6.1.aarch64", product: { name: "salt-api-3002.2-6.1.aarch64", product_id: "salt-api-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-bash-completion-3002.2-6.1.aarch64", product: { name: "salt-bash-completion-3002.2-6.1.aarch64", product_id: "salt-bash-completion-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-cloud-3002.2-6.1.aarch64", product: { name: "salt-cloud-3002.2-6.1.aarch64", product_id: "salt-cloud-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-doc-3002.2-6.1.aarch64", product: { name: "salt-doc-3002.2-6.1.aarch64", product_id: "salt-doc-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-fish-completion-3002.2-6.1.aarch64", product: { name: "salt-fish-completion-3002.2-6.1.aarch64", product_id: "salt-fish-completion-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-master-3002.2-6.1.aarch64", product: { name: "salt-master-3002.2-6.1.aarch64", product_id: "salt-master-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-minion-3002.2-6.1.aarch64", product: { name: "salt-minion-3002.2-6.1.aarch64", product_id: "salt-minion-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-proxy-3002.2-6.1.aarch64", product: { name: "salt-proxy-3002.2-6.1.aarch64", product_id: "salt-proxy-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-ssh-3002.2-6.1.aarch64", product: { name: "salt-ssh-3002.2-6.1.aarch64", product_id: "salt-ssh-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-standalone-formulas-configuration-3002.2-6.1.aarch64", product: { name: "salt-standalone-formulas-configuration-3002.2-6.1.aarch64", product_id: "salt-standalone-formulas-configuration-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-syndic-3002.2-6.1.aarch64", product: { name: "salt-syndic-3002.2-6.1.aarch64", product_id: "salt-syndic-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-transactional-update-3002.2-6.1.aarch64", product: { name: "salt-transactional-update-3002.2-6.1.aarch64", product_id: "salt-transactional-update-3002.2-6.1.aarch64", }, }, { category: "product_version", name: "salt-zsh-completion-3002.2-6.1.aarch64", product: { name: "salt-zsh-completion-3002.2-6.1.aarch64", product_id: "salt-zsh-completion-3002.2-6.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python3-salt-3002.2-6.1.ppc64le", product: { name: "python3-salt-3002.2-6.1.ppc64le", product_id: "python3-salt-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-3002.2-6.1.ppc64le", product: { name: "salt-3002.2-6.1.ppc64le", product_id: "salt-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-api-3002.2-6.1.ppc64le", product: { name: "salt-api-3002.2-6.1.ppc64le", product_id: "salt-api-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-bash-completion-3002.2-6.1.ppc64le", product: { name: "salt-bash-completion-3002.2-6.1.ppc64le", product_id: "salt-bash-completion-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-cloud-3002.2-6.1.ppc64le", product: { name: "salt-cloud-3002.2-6.1.ppc64le", product_id: "salt-cloud-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-doc-3002.2-6.1.ppc64le", product: { name: "salt-doc-3002.2-6.1.ppc64le", product_id: "salt-doc-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-fish-completion-3002.2-6.1.ppc64le", product: { name: "salt-fish-completion-3002.2-6.1.ppc64le", product_id: "salt-fish-completion-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-master-3002.2-6.1.ppc64le", product: { name: "salt-master-3002.2-6.1.ppc64le", product_id: "salt-master-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-minion-3002.2-6.1.ppc64le", product: { name: "salt-minion-3002.2-6.1.ppc64le", product_id: "salt-minion-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-proxy-3002.2-6.1.ppc64le", product: { name: "salt-proxy-3002.2-6.1.ppc64le", product_id: "salt-proxy-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-ssh-3002.2-6.1.ppc64le", product: { name: "salt-ssh-3002.2-6.1.ppc64le", product_id: "salt-ssh-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", product: { name: "salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", product_id: "salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-syndic-3002.2-6.1.ppc64le", product: { name: "salt-syndic-3002.2-6.1.ppc64le", product_id: "salt-syndic-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-transactional-update-3002.2-6.1.ppc64le", product: { name: "salt-transactional-update-3002.2-6.1.ppc64le", product_id: "salt-transactional-update-3002.2-6.1.ppc64le", }, }, { category: "product_version", name: "salt-zsh-completion-3002.2-6.1.ppc64le", product: { name: "salt-zsh-completion-3002.2-6.1.ppc64le", product_id: "salt-zsh-completion-3002.2-6.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python3-salt-3002.2-6.1.s390x", product: { name: "python3-salt-3002.2-6.1.s390x", product_id: "python3-salt-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-3002.2-6.1.s390x", product: { name: "salt-3002.2-6.1.s390x", product_id: "salt-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-api-3002.2-6.1.s390x", product: { name: "salt-api-3002.2-6.1.s390x", product_id: "salt-api-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-bash-completion-3002.2-6.1.s390x", product: { name: "salt-bash-completion-3002.2-6.1.s390x", product_id: "salt-bash-completion-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-cloud-3002.2-6.1.s390x", product: { name: "salt-cloud-3002.2-6.1.s390x", product_id: "salt-cloud-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-doc-3002.2-6.1.s390x", product: { name: "salt-doc-3002.2-6.1.s390x", product_id: "salt-doc-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-fish-completion-3002.2-6.1.s390x", product: { name: "salt-fish-completion-3002.2-6.1.s390x", product_id: "salt-fish-completion-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-master-3002.2-6.1.s390x", product: { name: "salt-master-3002.2-6.1.s390x", product_id: "salt-master-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-minion-3002.2-6.1.s390x", product: { name: "salt-minion-3002.2-6.1.s390x", product_id: "salt-minion-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-proxy-3002.2-6.1.s390x", product: { name: "salt-proxy-3002.2-6.1.s390x", product_id: "salt-proxy-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-ssh-3002.2-6.1.s390x", product: { name: "salt-ssh-3002.2-6.1.s390x", product_id: "salt-ssh-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-standalone-formulas-configuration-3002.2-6.1.s390x", product: { name: "salt-standalone-formulas-configuration-3002.2-6.1.s390x", product_id: "salt-standalone-formulas-configuration-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-syndic-3002.2-6.1.s390x", product: { name: "salt-syndic-3002.2-6.1.s390x", product_id: "salt-syndic-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-transactional-update-3002.2-6.1.s390x", product: { name: "salt-transactional-update-3002.2-6.1.s390x", product_id: "salt-transactional-update-3002.2-6.1.s390x", }, }, { category: "product_version", name: "salt-zsh-completion-3002.2-6.1.s390x", product: { name: "salt-zsh-completion-3002.2-6.1.s390x", product_id: "salt-zsh-completion-3002.2-6.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python3-salt-3002.2-6.1.x86_64", product: { name: "python3-salt-3002.2-6.1.x86_64", product_id: "python3-salt-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-3002.2-6.1.x86_64", product: { name: "salt-3002.2-6.1.x86_64", product_id: "salt-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-api-3002.2-6.1.x86_64", product: { name: "salt-api-3002.2-6.1.x86_64", product_id: "salt-api-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-bash-completion-3002.2-6.1.x86_64", product: { name: "salt-bash-completion-3002.2-6.1.x86_64", product_id: "salt-bash-completion-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-cloud-3002.2-6.1.x86_64", product: { name: "salt-cloud-3002.2-6.1.x86_64", product_id: "salt-cloud-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-doc-3002.2-6.1.x86_64", product: { name: "salt-doc-3002.2-6.1.x86_64", product_id: "salt-doc-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-fish-completion-3002.2-6.1.x86_64", product: { name: "salt-fish-completion-3002.2-6.1.x86_64", product_id: "salt-fish-completion-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-master-3002.2-6.1.x86_64", product: { name: "salt-master-3002.2-6.1.x86_64", product_id: "salt-master-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-minion-3002.2-6.1.x86_64", product: { name: "salt-minion-3002.2-6.1.x86_64", product_id: "salt-minion-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-proxy-3002.2-6.1.x86_64", product: { name: "salt-proxy-3002.2-6.1.x86_64", product_id: "salt-proxy-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-ssh-3002.2-6.1.x86_64", product: { name: "salt-ssh-3002.2-6.1.x86_64", product_id: "salt-ssh-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-standalone-formulas-configuration-3002.2-6.1.x86_64", product: { name: "salt-standalone-formulas-configuration-3002.2-6.1.x86_64", product_id: "salt-standalone-formulas-configuration-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-syndic-3002.2-6.1.x86_64", product: { name: "salt-syndic-3002.2-6.1.x86_64", product_id: "salt-syndic-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-transactional-update-3002.2-6.1.x86_64", product: { name: "salt-transactional-update-3002.2-6.1.x86_64", product_id: "salt-transactional-update-3002.2-6.1.x86_64", }, }, { category: "product_version", name: "salt-zsh-completion-3002.2-6.1.x86_64", product: { name: "salt-zsh-completion-3002.2-6.1.x86_64", product_id: "salt-zsh-completion-3002.2-6.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python3-salt-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", }, product_reference: "python3-salt-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python3-salt-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", }, product_reference: "python3-salt-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python3-salt-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", }, product_reference: "python3-salt-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python3-salt-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", }, product_reference: "python3-salt-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", }, product_reference: "salt-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", }, product_reference: "salt-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", }, product_reference: "salt-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", }, product_reference: "salt-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-api-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", }, product_reference: "salt-api-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-api-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", }, product_reference: "salt-api-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-api-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", }, product_reference: "salt-api-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-api-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", }, product_reference: "salt-api-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-bash-completion-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", }, product_reference: "salt-bash-completion-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-bash-completion-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", }, product_reference: "salt-bash-completion-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-bash-completion-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", }, product_reference: "salt-bash-completion-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-bash-completion-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", }, product_reference: "salt-bash-completion-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-cloud-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", }, product_reference: "salt-cloud-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-cloud-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", }, product_reference: "salt-cloud-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-cloud-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", }, product_reference: "salt-cloud-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-cloud-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", }, product_reference: "salt-cloud-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-doc-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", }, product_reference: "salt-doc-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-doc-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", }, product_reference: "salt-doc-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-doc-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", }, product_reference: "salt-doc-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-doc-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", }, product_reference: "salt-doc-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-fish-completion-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", }, product_reference: "salt-fish-completion-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-fish-completion-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", }, product_reference: "salt-fish-completion-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-fish-completion-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", }, product_reference: "salt-fish-completion-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-fish-completion-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", }, product_reference: "salt-fish-completion-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-master-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", }, product_reference: "salt-master-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-master-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", }, product_reference: "salt-master-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-master-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", }, product_reference: "salt-master-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-master-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", }, product_reference: "salt-master-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-minion-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", }, product_reference: "salt-minion-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-minion-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", }, product_reference: "salt-minion-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-minion-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", }, product_reference: "salt-minion-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-minion-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", }, product_reference: "salt-minion-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-proxy-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", }, product_reference: "salt-proxy-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-proxy-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", }, product_reference: "salt-proxy-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-proxy-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", }, product_reference: "salt-proxy-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-proxy-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", }, product_reference: "salt-proxy-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-ssh-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", }, product_reference: "salt-ssh-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-ssh-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", }, product_reference: "salt-ssh-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-ssh-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", }, product_reference: "salt-ssh-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-ssh-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", }, product_reference: "salt-ssh-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-standalone-formulas-configuration-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", }, product_reference: "salt-standalone-formulas-configuration-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-standalone-formulas-configuration-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", }, product_reference: "salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-standalone-formulas-configuration-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", }, product_reference: "salt-standalone-formulas-configuration-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-standalone-formulas-configuration-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", }, product_reference: "salt-standalone-formulas-configuration-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-syndic-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", }, product_reference: "salt-syndic-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-syndic-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", }, product_reference: "salt-syndic-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-syndic-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", }, product_reference: "salt-syndic-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-syndic-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", }, product_reference: "salt-syndic-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-transactional-update-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", }, product_reference: "salt-transactional-update-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-transactional-update-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", }, product_reference: "salt-transactional-update-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-transactional-update-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", }, product_reference: "salt-transactional-update-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-transactional-update-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", }, product_reference: "salt-transactional-update-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-zsh-completion-3002.2-6.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", }, product_reference: "salt-zsh-completion-3002.2-6.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-zsh-completion-3002.2-6.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", }, product_reference: "salt-zsh-completion-3002.2-6.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-zsh-completion-3002.2-6.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", }, product_reference: "salt-zsh-completion-3002.2-6.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "salt-zsh-completion-3002.2-6.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", }, product_reference: "salt-zsh-completion-3002.2-6.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2016-9639", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9639", }, ], notes: [ { category: "general", text: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9639", url: "https://www.suse.com/security/cve/CVE-2016-9639", }, { category: "external", summary: "SUSE Bug 1012398 for CVE-2016-9639", url: "https://bugzilla.suse.com/1012398", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-9639", }, { cve: "CVE-2017-12791", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12791", }, ], notes: [ { category: "general", text: "Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12791", url: "https://www.suse.com/security/cve/CVE-2017-12791", }, { category: "external", summary: "SUSE Bug 1053955 for CVE-2017-12791", url: "https://bugzilla.suse.com/1053955", }, { category: "external", summary: "SUSE Bug 1062462 for CVE-2017-12791", url: "https://bugzilla.suse.com/1062462", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-12791", }, { cve: "CVE-2017-14695", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-14695", }, ], notes: [ { category: "general", text: "Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-14695", url: "https://www.suse.com/security/cve/CVE-2017-14695", }, { category: "external", summary: "SUSE Bug 1053955 for CVE-2017-14695", url: "https://bugzilla.suse.com/1053955", }, { category: "external", summary: "SUSE Bug 1062462 for CVE-2017-14695", url: "https://bugzilla.suse.com/1062462", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-14695", }, { cve: "CVE-2017-14696", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-14696", }, ], notes: [ { category: "general", text: "SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-14696", url: "https://www.suse.com/security/cve/CVE-2017-14696", }, { category: "external", summary: "SUSE Bug 1053955 for CVE-2017-14696", url: "https://bugzilla.suse.com/1053955", }, { category: "external", summary: "SUSE Bug 1062464 for CVE-2017-14696", url: "https://bugzilla.suse.com/1062464", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-14696", }, { cve: "CVE-2018-15750", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-15750", }, ], notes: [ { category: "general", text: "Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-15750", url: "https://www.suse.com/security/cve/CVE-2018-15750", }, { category: "external", summary: "SUSE Bug 1113698 for CVE-2018-15750", url: "https://bugzilla.suse.com/1113698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-15750", }, { cve: "CVE-2018-15751", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-15751", }, ], notes: [ { category: "general", text: "SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-15751", url: "https://www.suse.com/security/cve/CVE-2018-15751", }, { category: "external", summary: "SUSE Bug 1113698 for CVE-2018-15751", url: "https://bugzilla.suse.com/1113698", }, { category: "external", summary: "SUSE Bug 1113699 for CVE-2018-15751", url: "https://bugzilla.suse.com/1113699", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2018-15751", }, { cve: "CVE-2019-17361", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-17361", }, ], notes: [ { category: "general", text: "In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-17361", url: "https://www.suse.com/security/cve/CVE-2019-17361", }, { category: "external", summary: "SUSE Bug 1162504 for CVE-2019-17361", url: "https://bugzilla.suse.com/1162504", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-17361", }, { cve: "CVE-2019-18897", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-18897", }, ], notes: [ { category: "general", text: "A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-18897", url: "https://www.suse.com/security/cve/CVE-2019-18897", }, { category: "external", summary: "SUSE Bug 1157465 for CVE-2019-18897", url: "https://bugzilla.suse.com/1157465", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-18897", }, { cve: "CVE-2020-11651", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11651", }, ], notes: [ { category: "general", text: "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11651", url: "https://www.suse.com/security/cve/CVE-2020-11651", }, { category: "external", summary: "SUSE Bug 1170595 for CVE-2020-11651", url: "https://bugzilla.suse.com/1170595", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2020-11651", }, { cve: "CVE-2020-25592", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25592", }, ], notes: [ { category: "general", text: "In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25592", url: "https://www.suse.com/security/cve/CVE-2020-25592", }, { category: "external", summary: "SUSE Bug 1178319 for CVE-2020-25592", url: "https://bugzilla.suse.com/1178319", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2020-25592", }, { cve: "CVE-2020-28243", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-28243", }, ], notes: [ { category: "general", text: "An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-28243", url: "https://www.suse.com/security/cve/CVE-2020-28243", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2020-28243", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181556 for CVE-2020-28243", url: "https://bugzilla.suse.com/1181556", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-28243", }, { cve: "CVE-2021-21996", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-21996", }, ], notes: [ { category: "general", text: "An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-21996", url: "https://www.suse.com/security/cve/CVE-2021-21996", }, { category: "external", summary: "SUSE Bug 1190265 for CVE-2021-21996", url: "https://bugzilla.suse.com/1190265", }, { category: "external", summary: "SUSE Bug 1210934 for CVE-2021-21996", url: "https://bugzilla.suse.com/1210934", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-21996", }, { cve: "CVE-2021-25281", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25281", }, ], notes: [ { category: "general", text: "An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25281", url: "https://www.suse.com/security/cve/CVE-2021-25281", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-25281", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181559 for CVE-2021-25281", url: "https://bugzilla.suse.com/1181559", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-25281", }, { cve: "CVE-2021-25315", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25315", }, ], notes: [ { category: "general", text: "CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25315", url: "https://www.suse.com/security/cve/CVE-2021-25315", }, { category: "external", summary: "SUSE Bug 1182382 for CVE-2021-25315", url: "https://bugzilla.suse.com/1182382", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2021-25315", }, { cve: "CVE-2021-31607", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-31607", }, ], notes: [ { category: "general", text: "In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-31607", url: "https://www.suse.com/security/cve/CVE-2021-31607", }, { category: "external", summary: "SUSE Bug 1185281 for CVE-2021-31607", url: "https://bugzilla.suse.com/1185281", }, { category: "external", summary: "SUSE Bug 1210934 for CVE-2021-31607", url: "https://bugzilla.suse.com/1210934", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python3-salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:python3-salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-api-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-api-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-api-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-bash-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-cloud-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-doc-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-fish-completion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-master-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-master-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-master-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-minion-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-proxy-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-ssh-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-standalone-formulas-configuration-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-syndic-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-transactional-update-3002.2-6.1.x86_64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.aarch64", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.ppc64le", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.s390x", "openSUSE Tumbleweed:salt-zsh-completion-3002.2-6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-31607", }, ], }
fkie_cve-2016-9639
Vulnerability from fkie_nvd
Published
2017-02-07 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/25/2 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/11/25/3 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94553 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/25/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/11/25/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94553 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", matchCriteriaId: "601AD350-4B5C-4987-8B88-25CBB8B070EC", versionEndIncluding: "2015.8.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", }, { lang: "es", value: "Salt en versiones anteriores a 2015.8.11 permite a minions eliminados para leer o escribir minions con el mismo id, relacionado con el almacenamiento en caché.", }, ], id: "CVE-2016-9639", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-07T17:59:00.617", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/25/2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/25/3", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94553", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/25/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/25/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94553", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
pysec-2017-34
Vulnerability from pysec
Published
2017-02-07 17:59
Modified
2021-07-05 00:01
Details
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
Impacted products
| Name | purl |
|---|---|
| salt | pkg:pypi/salt |
Aliases
{ affected: [ { package: { ecosystem: "PyPI", name: "salt", purl: "pkg:pypi/salt", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "2015.8.11", }, ], type: "ECOSYSTEM", }, ], versions: [ "0.10.0", "0.10.1", "0.10.2", "0.10.3", "0.10.4", "0.10.5", "0.11.0", "0.11.1", "0.12.0", "0.12.1", "0.13.0", "0.13.1", "0.13.2", "0.13.3", "0.14.0", "0.14.1", "0.15.0", "0.15.1", "0.15.2", "0.15.3", "0.15.90", "0.16.0", "0.16.1", "0.16.2", "0.16.3", "0.16.4", "0.17.0", "0.17.0rc1", "0.17.1", "0.17.2", "0.17.3", "0.17.4", "0.17.5", "0.8.7", "0.8.9", "0.9.0", "0.9.1", "0.9.2", "0.9.3", "0.9.4", "0.9.5", "0.9.6", "0.9.7", "0.9.8", "0.9.9", "0.9.9.1", "2014.1.0", "2014.1.0rc1", "2014.1.0rc2", "2014.1.0rc3", "2014.1.1", "2014.1.10", "2014.1.11", "2014.1.12", "2014.1.13", "2014.1.2", "2014.1.3", "2014.1.4", "2014.1.5", "2014.1.6", "2014.1.7", "2014.1.8", "2014.1.9", "2014.7.0", "2014.7.0rc1", "2014.7.0rc2", "2014.7.0rc3", "2014.7.0rc4", "2014.7.0rc5", "2014.7.0rc6", "2014.7.0rc7", "2014.7.1", "2014.7.2", "2014.7.3", "2014.7.4", "2014.7.5", "2014.7.6", "2014.7.7", "2015.2.0rc1", "2015.2.0rc2", "2015.5.0", "2015.5.1", "2015.5.10", "2015.5.11", "2015.5.2", "2015.5.3", "2015.5.4", "2015.5.5", "2015.5.6", "2015.5.7", "2015.5.8", "2015.5.9", "2015.8.0", "2015.8.0rc1", "2015.8.0rc2", "2015.8.0rc3", "2015.8.0rc4", "2015.8.0rc5", "2015.8.1", "2015.8.10", "2015.8.2", "2015.8.3", "2015.8.4", "2015.8.5", "2015.8.7", "2015.8.8", "2015.8.8.2", "2015.8.9", ], }, ], aliases: [ "CVE-2016-9639", ], details: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", id: "PYSEC-2017-34", modified: "2021-07-05T00:01:26.392976Z", published: "2017-02-07T17:59:00Z", references: [ { type: "WEB", url: "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2016/11/25/3", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2016/11/25/2", }, { type: "WEB", url: "http://www.securityfocus.com/bid/94553", }, ], }
suse-ru-2017:0169-1
Vulnerability from csaf_suse
Published
2017-01-17 09:06
Modified
2017-01-17 09:06
Summary
Recommended update for Salt
Notes
Title of the patch
Recommended update for Salt
Description of the patch
This update for Salt fixes one security issue and several non-security issues.
The following security issue has been fixed:
- Fix possible information leak due to revoked keys still being used. (bsc#1012398, CVE-2016-9639)
The following non-security issues have been fixed:
- Update to 2015.8.12
- Add pre-require to salt for minions.
- Do not restart salt-minion in salt package.
- Add try-restart to sys-v init scripts.
- Add 'Restart=on-failure' for salt-minion systemd service.
- Various fixes for signal handling.
- Successfully exit of salt-api child processes when SIGTERM is received.
- Re-introduce 'KillMode=process' for salt-minion systemd service.
- Fix changing default-timezone. (bsc#1008933)
Patchnames
SUSE-SLE-Manager-Tools-12-2017-77,SUSE-SLE-POS-12-SP2-2017-77,SUSE-SUSE-Manager-Proxy-3.0-2017-77,SUSE-SUSE-Manager-Server-3.0-2017-77,SUSE-Storage-3-2017-77
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Recommended update for Salt", title: "Title of the patch", }, { category: "description", text: "\nThis update for Salt fixes one security issue and several non-security issues.\n\nThe following security issue has been fixed:\n\n- Fix possible information leak due to revoked keys still being used. (bsc#1012398, CVE-2016-9639)\n\nThe following non-security issues have been fixed:\n\n- Update to 2015.8.12\n- Add pre-require to salt for minions.\n- Do not restart salt-minion in salt package.\n- Add try-restart to sys-v init scripts.\n- Add 'Restart=on-failure' for salt-minion systemd service.\n- Various fixes for signal handling.\n- Successfully exit of salt-api child processes when SIGTERM is received.\n- Re-introduce 'KillMode=process' for salt-minion systemd service.\n- Fix changing default-timezone. (bsc#1008933)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-Manager-Tools-12-2017-77,SUSE-SLE-POS-12-SP2-2017-77,SUSE-SUSE-Manager-Proxy-3.0-2017-77,SUSE-SUSE-Manager-Server-3.0-2017-77,SUSE-Storage-3-2017-77", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2017_0169-1.json", }, { category: "self", summary: "URL for SUSE-RU-2017:0169-1", url: "https://www.suse.com/support/update/announcement//suse-ru-20170169-1/", }, { category: "self", summary: "E-Mail link for SUSE-RU-2017:0169-1", url: "https://lists.suse.com/pipermail/sle-updates/2017-January/005783.html", }, { category: "self", summary: "SUSE Bug 1008933", url: "https://bugzilla.suse.com/1008933", }, { category: "self", summary: "SUSE Bug 1012398", url: "https://bugzilla.suse.com/1012398", }, { category: "self", summary: "SUSE Bug 1016475", url: "https://bugzilla.suse.com/1016475", }, { category: "self", summary: "SUSE CVE CVE-2016-9639 page", url: "https://www.suse.com/security/cve/CVE-2016-9639/", }, ], title: "Recommended update for Salt", tracking: { current_release_date: "2017-01-17T09:06:28Z", generator: { date: "2017-01-17T09:06:28Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-RU-2017:0169-1", initial_release_date: "2017-01-17T09:06:28Z", revision_history: [ { date: "2017-01-17T09:06:28Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "salt-2015.8.12-27.5.aarch64", product: { name: "salt-2015.8.12-27.5.aarch64", product_id: "salt-2015.8.12-27.5.aarch64", }, }, { category: "product_version", name: "salt-doc-2015.8.12-27.5.aarch64", product: { name: "salt-doc-2015.8.12-27.5.aarch64", product_id: "salt-doc-2015.8.12-27.5.aarch64", }, }, { category: "product_version", name: "salt-minion-2015.8.12-27.5.aarch64", product: { name: "salt-minion-2015.8.12-27.5.aarch64", product_id: "salt-minion-2015.8.12-27.5.aarch64", }, }, { category: "product_version", name: "salt-master-2015.8.12-27.5.aarch64", product: { name: "salt-master-2015.8.12-27.5.aarch64", product_id: "salt-master-2015.8.12-27.5.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "salt-bash-completion-2015.8.12-27.5.noarch", product: { name: "salt-bash-completion-2015.8.12-27.5.noarch", product_id: "salt-bash-completion-2015.8.12-27.5.noarch", }, }, { category: "product_version", name: "salt-zsh-completion-2015.8.12-27.5.noarch", product: { name: "salt-zsh-completion-2015.8.12-27.5.noarch", product_id: "salt-zsh-completion-2015.8.12-27.5.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "salt-2015.8.12-27.5.ppc64le", product: { name: "salt-2015.8.12-27.5.ppc64le", product_id: "salt-2015.8.12-27.5.ppc64le", }, }, { category: "product_version", name: "salt-doc-2015.8.12-27.5.ppc64le", product: { name: "salt-doc-2015.8.12-27.5.ppc64le", product_id: "salt-doc-2015.8.12-27.5.ppc64le", }, }, { category: "product_version", name: "salt-minion-2015.8.12-27.5.ppc64le", product: { name: "salt-minion-2015.8.12-27.5.ppc64le", product_id: "salt-minion-2015.8.12-27.5.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "salt-2015.8.12-27.5.s390x", product: { name: "salt-2015.8.12-27.5.s390x", product_id: "salt-2015.8.12-27.5.s390x", }, }, { category: "product_version", name: "salt-doc-2015.8.12-27.5.s390x", product: { name: "salt-doc-2015.8.12-27.5.s390x", product_id: "salt-doc-2015.8.12-27.5.s390x", }, }, { category: "product_version", name: "salt-minion-2015.8.12-27.5.s390x", product: { name: "salt-minion-2015.8.12-27.5.s390x", product_id: "salt-minion-2015.8.12-27.5.s390x", }, }, { category: "product_version", name: "salt-api-2015.8.12-27.5.s390x", product: { name: "salt-api-2015.8.12-27.5.s390x", product_id: "salt-api-2015.8.12-27.5.s390x", }, }, { category: "product_version", name: "salt-master-2015.8.12-27.5.s390x", product: { name: "salt-master-2015.8.12-27.5.s390x", product_id: "salt-master-2015.8.12-27.5.s390x", }, }, { category: "product_version", name: "salt-proxy-2015.8.12-27.5.s390x", product: { name: "salt-proxy-2015.8.12-27.5.s390x", product_id: "salt-proxy-2015.8.12-27.5.s390x", }, }, { category: "product_version", name: "salt-ssh-2015.8.12-27.5.s390x", product: { name: "salt-ssh-2015.8.12-27.5.s390x", product_id: "salt-ssh-2015.8.12-27.5.s390x", }, }, { category: "product_version", name: "salt-syndic-2015.8.12-27.5.s390x", product: { name: "salt-syndic-2015.8.12-27.5.s390x", product_id: "salt-syndic-2015.8.12-27.5.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "salt-2015.8.12-27.5.x86_64", product: { name: "salt-2015.8.12-27.5.x86_64", product_id: "salt-2015.8.12-27.5.x86_64", }, }, { category: "product_version", name: "salt-doc-2015.8.12-27.5.x86_64", product: { name: "salt-doc-2015.8.12-27.5.x86_64", product_id: "salt-doc-2015.8.12-27.5.x86_64", }, }, { category: "product_version", name: "salt-minion-2015.8.12-27.5.x86_64", product: { name: "salt-minion-2015.8.12-27.5.x86_64", product_id: "salt-minion-2015.8.12-27.5.x86_64", }, }, { category: "product_version", name: "salt-api-2015.8.12-27.5.x86_64", product: { name: "salt-api-2015.8.12-27.5.x86_64", product_id: "salt-api-2015.8.12-27.5.x86_64", }, }, { category: "product_version", name: "salt-master-2015.8.12-27.5.x86_64", product: { name: "salt-master-2015.8.12-27.5.x86_64", product_id: "salt-master-2015.8.12-27.5.x86_64", }, }, { category: "product_version", name: "salt-proxy-2015.8.12-27.5.x86_64", product: { name: "salt-proxy-2015.8.12-27.5.x86_64", product_id: "salt-proxy-2015.8.12-27.5.x86_64", }, }, { category: "product_version", name: "salt-ssh-2015.8.12-27.5.x86_64", product: { name: "salt-ssh-2015.8.12-27.5.x86_64", product_id: "salt-ssh-2015.8.12-27.5.x86_64", }, }, { category: "product_version", name: "salt-syndic-2015.8.12-27.5.x86_64", product: { name: "salt-syndic-2015.8.12-27.5.x86_64", product_id: "salt-syndic-2015.8.12-27.5.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Client Tools 12", product: { name: "SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12", }, }, { category: "product_name", name: "SUSE Linux Enterprise Point of Sale 12 SP2", product: { name: "SUSE Linux Enterprise Point of Sale 12 SP2", product_id: "SUSE Linux Enterprise Point of Sale 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sle-pos:12:sp2", }, }, }, { category: "product_name", name: "SUSE Manager Proxy 3.0", product: { name: "SUSE Manager Proxy 3.0", product_id: "SUSE Manager Proxy 3.0", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-proxy:3.0", }, }, }, { category: "product_name", name: "SUSE Manager Server 3.0", product: { name: "SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:3.0", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 3", product: { name: "SUSE Enterprise Storage 3", product_id: "SUSE Enterprise Storage 3", product_identification_helper: { cpe: "cpe:/o:suse:ses:3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.5.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.aarch64", }, product_reference: "salt-2015.8.12-27.5.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.5.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.ppc64le", }, product_reference: "salt-2015.8.12-27.5.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.5.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.s390x", }, product_reference: "salt-2015.8.12-27.5.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.5.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.x86_64", }, product_reference: "salt-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.5.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.aarch64", }, product_reference: "salt-doc-2015.8.12-27.5.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.5.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.ppc64le", }, product_reference: "salt-doc-2015.8.12-27.5.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.5.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.s390x", }, product_reference: "salt-doc-2015.8.12-27.5.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.5.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.x86_64", }, product_reference: "salt-doc-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.5.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.aarch64", }, product_reference: "salt-minion-2015.8.12-27.5.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.5.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.ppc64le", }, product_reference: "salt-minion-2015.8.12-27.5.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.5.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.s390x", }, product_reference: "salt-minion-2015.8.12-27.5.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.5.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.x86_64", }, product_reference: "salt-minion-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.5.x86_64 as component of SUSE Linux Enterprise Point of Sale 12 SP2", product_id: "SUSE Linux Enterprise Point of Sale 12 SP2:salt-2015.8.12-27.5.x86_64", }, product_reference: "salt-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Point of Sale 12 SP2", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.5.x86_64 as component of SUSE Linux Enterprise Point of Sale 12 SP2", product_id: "SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-2015.8.12-27.5.x86_64", }, product_reference: "salt-minion-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Point of Sale 12 SP2", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.5.x86_64 as component of SUSE Manager Proxy 3.0", product_id: "SUSE Manager Proxy 3.0:salt-2015.8.12-27.5.x86_64", }, product_reference: "salt-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Proxy 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-api-2015.8.12-27.5.x86_64 as component of SUSE Manager Proxy 3.0", product_id: "SUSE Manager Proxy 3.0:salt-api-2015.8.12-27.5.x86_64", }, product_reference: "salt-api-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Proxy 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-bash-completion-2015.8.12-27.5.noarch as component of SUSE Manager Proxy 3.0", product_id: "SUSE Manager Proxy 3.0:salt-bash-completion-2015.8.12-27.5.noarch", }, product_reference: "salt-bash-completion-2015.8.12-27.5.noarch", relates_to_product_reference: "SUSE Manager Proxy 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.5.x86_64 as component of SUSE Manager Proxy 3.0", product_id: "SUSE Manager Proxy 3.0:salt-doc-2015.8.12-27.5.x86_64", }, product_reference: "salt-doc-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Proxy 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-master-2015.8.12-27.5.x86_64 as component of SUSE Manager Proxy 3.0", product_id: "SUSE Manager Proxy 3.0:salt-master-2015.8.12-27.5.x86_64", }, product_reference: "salt-master-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Proxy 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.5.x86_64 as component of SUSE Manager Proxy 3.0", product_id: "SUSE Manager Proxy 3.0:salt-minion-2015.8.12-27.5.x86_64", }, product_reference: "salt-minion-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Proxy 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-proxy-2015.8.12-27.5.x86_64 as component of SUSE Manager Proxy 3.0", product_id: "SUSE Manager Proxy 3.0:salt-proxy-2015.8.12-27.5.x86_64", }, product_reference: "salt-proxy-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Proxy 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-ssh-2015.8.12-27.5.x86_64 as component of SUSE Manager Proxy 3.0", product_id: "SUSE Manager Proxy 3.0:salt-ssh-2015.8.12-27.5.x86_64", }, product_reference: "salt-ssh-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Proxy 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-syndic-2015.8.12-27.5.x86_64 as component of SUSE Manager Proxy 3.0", product_id: "SUSE Manager Proxy 3.0:salt-syndic-2015.8.12-27.5.x86_64", }, product_reference: "salt-syndic-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Proxy 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-zsh-completion-2015.8.12-27.5.noarch as component of SUSE Manager Proxy 3.0", product_id: "SUSE Manager Proxy 3.0:salt-zsh-completion-2015.8.12-27.5.noarch", }, product_reference: "salt-zsh-completion-2015.8.12-27.5.noarch", relates_to_product_reference: "SUSE Manager Proxy 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.5.s390x as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-2015.8.12-27.5.s390x", }, product_reference: "salt-2015.8.12-27.5.s390x", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.5.x86_64 as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-2015.8.12-27.5.x86_64", }, product_reference: "salt-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-api-2015.8.12-27.5.s390x as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-api-2015.8.12-27.5.s390x", }, product_reference: "salt-api-2015.8.12-27.5.s390x", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-api-2015.8.12-27.5.x86_64 as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-api-2015.8.12-27.5.x86_64", }, product_reference: "salt-api-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-bash-completion-2015.8.12-27.5.noarch as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-bash-completion-2015.8.12-27.5.noarch", }, product_reference: "salt-bash-completion-2015.8.12-27.5.noarch", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.5.s390x as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-doc-2015.8.12-27.5.s390x", }, product_reference: "salt-doc-2015.8.12-27.5.s390x", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.5.x86_64 as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-doc-2015.8.12-27.5.x86_64", }, product_reference: "salt-doc-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-master-2015.8.12-27.5.s390x as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-master-2015.8.12-27.5.s390x", }, product_reference: "salt-master-2015.8.12-27.5.s390x", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-master-2015.8.12-27.5.x86_64 as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-master-2015.8.12-27.5.x86_64", }, product_reference: "salt-master-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.5.s390x as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-minion-2015.8.12-27.5.s390x", }, product_reference: "salt-minion-2015.8.12-27.5.s390x", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.5.x86_64 as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-minion-2015.8.12-27.5.x86_64", }, product_reference: "salt-minion-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-proxy-2015.8.12-27.5.s390x as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-proxy-2015.8.12-27.5.s390x", }, product_reference: "salt-proxy-2015.8.12-27.5.s390x", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-proxy-2015.8.12-27.5.x86_64 as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-proxy-2015.8.12-27.5.x86_64", }, product_reference: "salt-proxy-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-ssh-2015.8.12-27.5.s390x as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-ssh-2015.8.12-27.5.s390x", }, product_reference: "salt-ssh-2015.8.12-27.5.s390x", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-ssh-2015.8.12-27.5.x86_64 as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-ssh-2015.8.12-27.5.x86_64", }, product_reference: "salt-ssh-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-syndic-2015.8.12-27.5.s390x as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-syndic-2015.8.12-27.5.s390x", }, product_reference: "salt-syndic-2015.8.12-27.5.s390x", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-syndic-2015.8.12-27.5.x86_64 as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-syndic-2015.8.12-27.5.x86_64", }, product_reference: "salt-syndic-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-zsh-completion-2015.8.12-27.5.noarch as component of SUSE Manager Server 3.0", product_id: "SUSE Manager Server 3.0:salt-zsh-completion-2015.8.12-27.5.noarch", }, product_reference: "salt-zsh-completion-2015.8.12-27.5.noarch", relates_to_product_reference: "SUSE Manager Server 3.0", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.5.aarch64 as component of SUSE Enterprise Storage 3", product_id: "SUSE Enterprise Storage 3:salt-2015.8.12-27.5.aarch64", }, product_reference: "salt-2015.8.12-27.5.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 3", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.5.x86_64 as component of SUSE Enterprise Storage 3", product_id: "SUSE Enterprise Storage 3:salt-2015.8.12-27.5.x86_64", }, product_reference: "salt-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 3", }, { category: "default_component_of", full_product_name: { name: "salt-master-2015.8.12-27.5.aarch64 as component of SUSE Enterprise Storage 3", product_id: "SUSE Enterprise Storage 3:salt-master-2015.8.12-27.5.aarch64", }, product_reference: "salt-master-2015.8.12-27.5.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 3", }, { category: "default_component_of", full_product_name: { name: "salt-master-2015.8.12-27.5.x86_64 as component of SUSE Enterprise Storage 3", product_id: "SUSE Enterprise Storage 3:salt-master-2015.8.12-27.5.x86_64", }, product_reference: "salt-master-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 3", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.5.aarch64 as component of SUSE Enterprise Storage 3", product_id: "SUSE Enterprise Storage 3:salt-minion-2015.8.12-27.5.aarch64", }, product_reference: "salt-minion-2015.8.12-27.5.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 3", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.5.x86_64 as component of SUSE Enterprise Storage 3", product_id: "SUSE Enterprise Storage 3:salt-minion-2015.8.12-27.5.x86_64", }, product_reference: "salt-minion-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 3", }, ], }, vulnerabilities: [ { cve: "CVE-2016-9639", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9639", }, ], notes: [ { category: "general", text: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 3:salt-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 3:salt-2015.8.12-27.5.x86_64", "SUSE Enterprise Storage 3:salt-master-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 3:salt-master-2015.8.12-27.5.x86_64", "SUSE Enterprise Storage 3:salt-minion-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 3:salt-minion-2015.8.12-27.5.x86_64", "SUSE Linux Enterprise Point of Sale 12 SP2:salt-2015.8.12-27.5.x86_64", "SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-2015.8.12-27.5.x86_64", "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.aarch64", "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.ppc64le", "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.s390x", "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.x86_64", "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.aarch64", "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.ppc64le", "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.s390x", "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.x86_64", "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.aarch64", "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.ppc64le", "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.s390x", "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-api-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-bash-completion-2015.8.12-27.5.noarch", "SUSE Manager Proxy 3.0:salt-doc-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-master-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-minion-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-proxy-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-ssh-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-syndic-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-zsh-completion-2015.8.12-27.5.noarch", "SUSE Manager Server 3.0:salt-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-api-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-api-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-bash-completion-2015.8.12-27.5.noarch", "SUSE Manager Server 3.0:salt-doc-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-doc-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-master-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-master-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-minion-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-minion-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-proxy-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-proxy-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-ssh-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-ssh-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-syndic-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-syndic-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-zsh-completion-2015.8.12-27.5.noarch", ], }, references: [ { category: "external", summary: "CVE-2016-9639", url: "https://www.suse.com/security/cve/CVE-2016-9639", }, { category: "external", summary: "SUSE Bug 1012398 for CVE-2016-9639", url: "https://bugzilla.suse.com/1012398", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 3:salt-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 3:salt-2015.8.12-27.5.x86_64", "SUSE Enterprise Storage 3:salt-master-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 3:salt-master-2015.8.12-27.5.x86_64", "SUSE Enterprise Storage 3:salt-minion-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 3:salt-minion-2015.8.12-27.5.x86_64", "SUSE Linux Enterprise Point of Sale 12 SP2:salt-2015.8.12-27.5.x86_64", "SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-2015.8.12-27.5.x86_64", "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.aarch64", "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.ppc64le", "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.s390x", "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.x86_64", "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.aarch64", "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.ppc64le", "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.s390x", "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.x86_64", "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.aarch64", "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.ppc64le", "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.s390x", "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-api-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-bash-completion-2015.8.12-27.5.noarch", "SUSE Manager Proxy 3.0:salt-doc-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-master-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-minion-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-proxy-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-ssh-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-syndic-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-zsh-completion-2015.8.12-27.5.noarch", "SUSE Manager Server 3.0:salt-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-api-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-api-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-bash-completion-2015.8.12-27.5.noarch", "SUSE Manager Server 3.0:salt-doc-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-doc-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-master-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-master-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-minion-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-minion-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-proxy-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-proxy-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-ssh-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-ssh-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-syndic-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-syndic-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-zsh-completion-2015.8.12-27.5.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "SUSE Enterprise Storage 3:salt-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 3:salt-2015.8.12-27.5.x86_64", "SUSE Enterprise Storage 3:salt-master-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 3:salt-master-2015.8.12-27.5.x86_64", "SUSE Enterprise Storage 3:salt-minion-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 3:salt-minion-2015.8.12-27.5.x86_64", "SUSE Linux Enterprise Point of Sale 12 SP2:salt-2015.8.12-27.5.x86_64", "SUSE Linux Enterprise Point of Sale 12 SP2:salt-minion-2015.8.12-27.5.x86_64", "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.aarch64", "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.ppc64le", "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.s390x", "SUSE Manager Client Tools 12:salt-2015.8.12-27.5.x86_64", "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.aarch64", "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.ppc64le", "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.s390x", "SUSE Manager Client Tools 12:salt-doc-2015.8.12-27.5.x86_64", "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.aarch64", "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.ppc64le", "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.s390x", "SUSE Manager Client Tools 12:salt-minion-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-api-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-bash-completion-2015.8.12-27.5.noarch", "SUSE Manager Proxy 3.0:salt-doc-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-master-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-minion-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-proxy-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-ssh-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-syndic-2015.8.12-27.5.x86_64", "SUSE Manager Proxy 3.0:salt-zsh-completion-2015.8.12-27.5.noarch", "SUSE Manager Server 3.0:salt-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-api-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-api-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-bash-completion-2015.8.12-27.5.noarch", "SUSE Manager Server 3.0:salt-doc-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-doc-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-master-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-master-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-minion-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-minion-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-proxy-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-proxy-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-ssh-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-ssh-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-syndic-2015.8.12-27.5.s390x", "SUSE Manager Server 3.0:salt-syndic-2015.8.12-27.5.x86_64", "SUSE Manager Server 3.0:salt-zsh-completion-2015.8.12-27.5.noarch", ], }, ], threats: [ { category: "impact", date: "2017-01-17T09:06:28Z", details: "low", }, ], title: "CVE-2016-9639", }, ], }
suse-ru-2017:0174-1
Vulnerability from csaf_suse
Published
2017-01-17 09:08
Modified
2017-01-17 09:08
Summary
Recommended update for SUSE Manager Client Tools
Notes
Title of the patch
Recommended update for SUSE Manager Client Tools
Description of the patch
This update fixes the following issues:
osad:
- Fix logfile option for osa-dispatcher. (bsc#980752)
salt:
- Update to 2015.8.12
- Add pre-require to salt for minions.
- Do not restart salt-minion in salt package.
- Add try-restart to sys-v init scripts.
- Add 'Restart=on-failure' for salt-minion systemd service.
- Various fixes for signal handling.
- Successfully exit of salt-api child processes when SIGTERM is received.
- Re-introduce 'KillMode=process' for salt-minion systemd service.
- Fix setting default timezone. (bsc#1008933)
- Fix possible information leak due to revoked keys still being used. (bsc#1012398, CVE-2016-9639)
spacewalk-backend:
- Handle non-unique machine_id after migrate from 2.1. (bsc#1013002)
- Refer to scc.suse.com instead of bugzilla.novell.com in case of problem. (bsc#967818)
- Fix selection of primary interface. (bsc#1009677)
- Add link from satellite-sync to mgr-inter-sync man page. (bsc#1009435)
- Reposync: Assign orphaned vendor packages to the default org. (bsc#995764)
- Add missing reference for bsc#996609
supportutils-plugin-susemanager-client:
- Include correct configuration file in the supportconfig.
Patchnames
slesctsp3-client-tools-201612-12942,slesctsp4-client-tools-201612-12942
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Recommended update for SUSE Manager Client Tools", title: "Title of the patch", }, { category: "description", text: "\nThis update fixes the following issues:\n\nosad:\n\n- Fix logfile option for osa-dispatcher. (bsc#980752)\n\nsalt:\n\n- Update to 2015.8.12\n- Add pre-require to salt for minions.\n- Do not restart salt-minion in salt package.\n- Add try-restart to sys-v init scripts.\n- Add 'Restart=on-failure' for salt-minion systemd service.\n- Various fixes for signal handling.\n- Successfully exit of salt-api child processes when SIGTERM is received.\n- Re-introduce 'KillMode=process' for salt-minion systemd service.\n- Fix setting default timezone. (bsc#1008933)\n- Fix possible information leak due to revoked keys still being used. (bsc#1012398, CVE-2016-9639)\n\nspacewalk-backend:\n\n- Handle non-unique machine_id after migrate from 2.1. (bsc#1013002)\n- Refer to scc.suse.com instead of bugzilla.novell.com in case of problem. (bsc#967818)\n- Fix selection of primary interface. (bsc#1009677)\n- Add link from satellite-sync to mgr-inter-sync man page. (bsc#1009435)\n- Reposync: Assign orphaned vendor packages to the default org. (bsc#995764)\n- Add missing reference for bsc#996609\n\nsupportutils-plugin-susemanager-client:\n\n- Include correct configuration file in the supportconfig.\n\n", title: "Description of the patch", }, { category: "details", text: "slesctsp3-client-tools-201612-12942,slesctsp4-client-tools-201612-12942", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2017_0174-1.json", }, { category: "self", summary: "URL for SUSE-RU-2017:0174-1", url: "https://www.suse.com/support/update/announcement//suse-ru-20170174-1/", }, { category: "self", summary: "E-Mail link for SUSE-RU-2017:0174-1", url: "https://lists.suse.com/pipermail/sle-updates/2017-January/005788.html", }, { category: "self", summary: "SUSE Bug 1008933", url: "https://bugzilla.suse.com/1008933", }, { category: "self", summary: "SUSE Bug 1009435", url: "https://bugzilla.suse.com/1009435", }, { category: "self", summary: "SUSE Bug 1009677", url: "https://bugzilla.suse.com/1009677", }, { category: "self", summary: "SUSE Bug 1012398", url: "https://bugzilla.suse.com/1012398", }, { category: "self", summary: "SUSE Bug 1013002", url: "https://bugzilla.suse.com/1013002", }, { category: "self", summary: "SUSE Bug 967818", url: "https://bugzilla.suse.com/967818", }, { category: "self", summary: "SUSE Bug 980752", url: "https://bugzilla.suse.com/980752", }, { category: "self", summary: "SUSE Bug 995764", url: "https://bugzilla.suse.com/995764", }, { category: "self", summary: "SUSE Bug 996609", url: "https://bugzilla.suse.com/996609", }, { category: "self", summary: "SUSE CVE CVE-2016-9639 page", url: "https://www.suse.com/security/cve/CVE-2016-9639/", }, ], title: "Recommended update for SUSE Manager Client Tools", tracking: { current_release_date: "2017-01-17T09:08:52Z", generator: { date: "2017-01-17T09:08:52Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-RU-2017:0174-1", initial_release_date: "2017-01-17T09:08:52Z", revision_history: [ { date: "2017-01-17T09:08:52Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "salt-2015.8.12-27.1.i586", product: { name: "salt-2015.8.12-27.1.i586", product_id: "salt-2015.8.12-27.1.i586", }, }, { category: "product_version", name: "salt-doc-2015.8.12-27.1.i586", product: { name: "salt-doc-2015.8.12-27.1.i586", product_id: "salt-doc-2015.8.12-27.1.i586", }, }, { category: "product_version", name: "salt-minion-2015.8.12-27.1.i586", product: { name: "salt-minion-2015.8.12-27.1.i586", product_id: "salt-minion-2015.8.12-27.1.i586", }, }, { category: "product_version", name: "spacewalk-backend-libs-2.5.24.7-16.1.i586", product: { name: "spacewalk-backend-libs-2.5.24.7-16.1.i586", product_id: "spacewalk-backend-libs-2.5.24.7-16.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "salt-2015.8.12-27.1.ia64", product: { name: "salt-2015.8.12-27.1.ia64", product_id: "salt-2015.8.12-27.1.ia64", }, }, { category: "product_version", name: "salt-doc-2015.8.12-27.1.ia64", product: { name: "salt-doc-2015.8.12-27.1.ia64", product_id: "salt-doc-2015.8.12-27.1.ia64", }, }, { category: "product_version", name: "salt-minion-2015.8.12-27.1.ia64", product: { name: "salt-minion-2015.8.12-27.1.ia64", product_id: "salt-minion-2015.8.12-27.1.ia64", }, }, { category: "product_version", name: "spacewalk-backend-libs-2.5.24.7-16.1.ia64", product: { name: "spacewalk-backend-libs-2.5.24.7-16.1.ia64", product_id: "spacewalk-backend-libs-2.5.24.7-16.1.ia64", }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "osa-common-5.11.64.3-5.1.noarch", product: { name: "osa-common-5.11.64.3-5.1.noarch", product_id: "osa-common-5.11.64.3-5.1.noarch", }, }, { category: "product_version", name: "osad-5.11.64.3-5.1.noarch", product: { name: "osad-5.11.64.3-5.1.noarch", product_id: "osad-5.11.64.3-5.1.noarch", }, }, { category: "product_version", name: "supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", product: { name: "supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", product_id: "supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "salt-2015.8.12-27.1.ppc64", product: { name: "salt-2015.8.12-27.1.ppc64", product_id: "salt-2015.8.12-27.1.ppc64", }, }, { category: "product_version", name: "salt-doc-2015.8.12-27.1.ppc64", product: { name: "salt-doc-2015.8.12-27.1.ppc64", product_id: "salt-doc-2015.8.12-27.1.ppc64", }, }, { category: "product_version", name: "salt-minion-2015.8.12-27.1.ppc64", product: { name: "salt-minion-2015.8.12-27.1.ppc64", product_id: "salt-minion-2015.8.12-27.1.ppc64", }, }, { category: "product_version", name: "spacewalk-backend-libs-2.5.24.7-16.1.ppc64", product: { name: "spacewalk-backend-libs-2.5.24.7-16.1.ppc64", product_id: "spacewalk-backend-libs-2.5.24.7-16.1.ppc64", }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "salt-2015.8.12-27.1.s390x", product: { name: "salt-2015.8.12-27.1.s390x", product_id: "salt-2015.8.12-27.1.s390x", }, }, { category: "product_version", name: "salt-doc-2015.8.12-27.1.s390x", product: { name: "salt-doc-2015.8.12-27.1.s390x", product_id: "salt-doc-2015.8.12-27.1.s390x", }, }, { category: "product_version", name: "salt-minion-2015.8.12-27.1.s390x", product: { name: "salt-minion-2015.8.12-27.1.s390x", product_id: "salt-minion-2015.8.12-27.1.s390x", }, }, { category: "product_version", name: "spacewalk-backend-libs-2.5.24.7-16.1.s390x", product: { name: "spacewalk-backend-libs-2.5.24.7-16.1.s390x", product_id: "spacewalk-backend-libs-2.5.24.7-16.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "salt-2015.8.12-27.1.x86_64", product: { name: "salt-2015.8.12-27.1.x86_64", product_id: "salt-2015.8.12-27.1.x86_64", }, }, { category: "product_version", name: "salt-doc-2015.8.12-27.1.x86_64", product: { name: "salt-doc-2015.8.12-27.1.x86_64", product_id: "salt-doc-2015.8.12-27.1.x86_64", }, }, { category: "product_version", name: "salt-minion-2015.8.12-27.1.x86_64", product: { name: "salt-minion-2015.8.12-27.1.x86_64", product_id: "salt-minion-2015.8.12-27.1.x86_64", }, }, { category: "product_version", name: "spacewalk-backend-libs-2.5.24.7-16.1.x86_64", product: { name: "spacewalk-backend-libs-2.5.24.7-16.1.x86_64", product_id: "spacewalk-backend-libs-2.5.24.7-16.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product: { name: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_identification_helper: { cpe: "cpe:/a:suse:sle-clienttools:11:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product: { name: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_identification_helper: { cpe: "cpe:/a:suse:sle-clienttools:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "osa-common-5.11.64.3-5.1.noarch as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:osa-common-5.11.64.3-5.1.noarch", }, product_reference: "osa-common-5.11.64.3-5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "osad-5.11.64.3-5.1.noarch as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:osad-5.11.64.3-5.1.noarch", }, product_reference: "osad-5.11.64.3-5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.i586", }, product_reference: "salt-2015.8.12-27.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.ia64", }, product_reference: "salt-2015.8.12-27.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.ppc64", }, product_reference: "salt-2015.8.12-27.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.s390x", }, product_reference: "salt-2015.8.12-27.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.x86_64", }, product_reference: "salt-2015.8.12-27.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.i586", }, product_reference: "salt-doc-2015.8.12-27.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ia64", }, product_reference: "salt-doc-2015.8.12-27.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ppc64", }, product_reference: "salt-doc-2015.8.12-27.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.s390x", }, product_reference: "salt-doc-2015.8.12-27.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.x86_64", }, product_reference: "salt-doc-2015.8.12-27.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.i586", }, product_reference: "salt-minion-2015.8.12-27.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ia64", }, product_reference: "salt-minion-2015.8.12-27.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ppc64", }, product_reference: "salt-minion-2015.8.12-27.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.s390x", }, product_reference: "salt-minion-2015.8.12-27.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.x86_64", }, product_reference: "salt-minion-2015.8.12-27.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-libs-2.5.24.7-16.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.i586", }, product_reference: "spacewalk-backend-libs-2.5.24.7-16.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-libs-2.5.24.7-16.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ia64", }, product_reference: "spacewalk-backend-libs-2.5.24.7-16.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-libs-2.5.24.7-16.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ppc64", }, product_reference: "spacewalk-backend-libs-2.5.24.7-16.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-libs-2.5.24.7-16.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.s390x", }, product_reference: "spacewalk-backend-libs-2.5.24.7-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-libs-2.5.24.7-16.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.x86_64", }, product_reference: "spacewalk-backend-libs-2.5.24.7-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-susemanager-client-3.0.5-5.1.noarch as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", }, product_reference: "supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "osa-common-5.11.64.3-5.1.noarch as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:osa-common-5.11.64.3-5.1.noarch", }, product_reference: "osa-common-5.11.64.3-5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "osad-5.11.64.3-5.1.noarch as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:osad-5.11.64.3-5.1.noarch", }, product_reference: "osad-5.11.64.3-5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.i586", }, product_reference: "salt-2015.8.12-27.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.ia64", }, product_reference: "salt-2015.8.12-27.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.ppc64", }, product_reference: "salt-2015.8.12-27.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.s390x", }, product_reference: "salt-2015.8.12-27.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.x86_64", }, product_reference: "salt-2015.8.12-27.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.i586", }, product_reference: "salt-doc-2015.8.12-27.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ia64", }, product_reference: "salt-doc-2015.8.12-27.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ppc64", }, product_reference: "salt-doc-2015.8.12-27.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.s390x", }, product_reference: "salt-doc-2015.8.12-27.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-doc-2015.8.12-27.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.x86_64", }, product_reference: "salt-doc-2015.8.12-27.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.i586", }, product_reference: "salt-minion-2015.8.12-27.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ia64", }, product_reference: "salt-minion-2015.8.12-27.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ppc64", }, product_reference: "salt-minion-2015.8.12-27.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.s390x", }, product_reference: "salt-minion-2015.8.12-27.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.x86_64", }, product_reference: "salt-minion-2015.8.12-27.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-libs-2.5.24.7-16.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.i586", }, product_reference: "spacewalk-backend-libs-2.5.24.7-16.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-libs-2.5.24.7-16.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ia64", }, product_reference: "spacewalk-backend-libs-2.5.24.7-16.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-libs-2.5.24.7-16.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ppc64", }, product_reference: "spacewalk-backend-libs-2.5.24.7-16.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-libs-2.5.24.7-16.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.s390x", }, product_reference: "spacewalk-backend-libs-2.5.24.7-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-libs-2.5.24.7-16.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.x86_64", }, product_reference: "spacewalk-backend-libs-2.5.24.7-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-susemanager-client-3.0.5-5.1.noarch as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", product_id: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", }, product_reference: "supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS", }, ], }, vulnerabilities: [ { cve: "CVE-2016-9639", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9639", }, ], notes: [ { category: "general", text: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:osa-common-5.11.64.3-5.1.noarch", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:osad-5.11.64.3-5.1.noarch", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.i586", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ia64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.s390x", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:osa-common-5.11.64.3-5.1.noarch", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:osad-5.11.64.3-5.1.noarch", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.i586", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ia64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ppc64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.s390x", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2016-9639", url: "https://www.suse.com/security/cve/CVE-2016-9639", }, { category: "external", summary: "SUSE Bug 1012398 for CVE-2016-9639", url: "https://bugzilla.suse.com/1012398", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:osa-common-5.11.64.3-5.1.noarch", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:osad-5.11.64.3-5.1.noarch", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.i586", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ia64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.s390x", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:osa-common-5.11.64.3-5.1.noarch", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:osad-5.11.64.3-5.1.noarch", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.i586", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ia64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ppc64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.s390x", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:osa-common-5.11.64.3-5.1.noarch", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:osad-5.11.64.3-5.1.noarch", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.i586", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ia64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.s390x", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:osa-common-5.11.64.3-5.1.noarch", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:osad-5.11.64.3-5.1.noarch", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.i586", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ia64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.ppc64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.s390x", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2015.8.12-27.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.i586", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ia64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.ppc64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.s390x", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:spacewalk-backend-libs-2.5.24.7-16.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:supportutils-plugin-susemanager-client-3.0.5-5.1.noarch", ], }, ], threats: [ { category: "impact", date: "2017-01-17T09:08:52Z", details: "low", }, ], title: "CVE-2016-9639", }, ], }
suse-ru-2017:0171-1
Vulnerability from csaf_suse
Published
2017-01-17 09:06
Modified
2017-01-17 09:06
Summary
Recommended update for salt
Notes
Title of the patch
Recommended update for salt
Description of the patch
This update for Salt fixes one security issue and several non-security issues.
The following security issue has been fixed:
- Fix possible information leak due to revoked keys still being used. (bsc#1012398, CVE-2016-9639)
The following non-security issues have been fixed:
- Update to 2015.8.12
- Add pre-require to salt for minions.
- Do not restart salt-minion in salt package.
- Add try-restart to sys-v init scripts.
- Add 'Restart=on-failure' for salt-minion systemd service.
- Re-introduce 'KillMode=process' for salt-minion systemd service.
- Successfully exit of salt-api child processes when SIGTERM is received.
- Fix exit codes of sysv init script. (bsc#999852)
- Include resolution parameters in the Zypper debug-solver call during a dry-run dist-upgrade.
- Fix Salt API crash via salt-ssh on empty roster. (bsc#1004723)
- Add 'dist-upgrade' support to zypper module. (fate#320559)
- Fix position of -X option to setfacl. (bsc#1004260)
- Fix generated shebang in scripts on SLES-ES 7. (bsc#1004047)
- Fix changing default-timezone. (bsc#1008933)
Patchnames
SUSE-Storage-4-2017-77
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Recommended update for salt", title: "Title of the patch", }, { category: "description", text: "\nThis update for Salt fixes one security issue and several non-security issues.\n\nThe following security issue has been fixed:\n\n- Fix possible information leak due to revoked keys still being used. (bsc#1012398, CVE-2016-9639)\n\nThe following non-security issues have been fixed:\n\n- Update to 2015.8.12\n- Add pre-require to salt for minions.\n- Do not restart salt-minion in salt package.\n- Add try-restart to sys-v init scripts.\n- Add 'Restart=on-failure' for salt-minion systemd service.\n- Re-introduce 'KillMode=process' for salt-minion systemd service.\n- Successfully exit of salt-api child processes when SIGTERM is received.\n- Fix exit codes of sysv init script. (bsc#999852)\n- Include resolution parameters in the Zypper debug-solver call during a dry-run dist-upgrade.\n- Fix Salt API crash via salt-ssh on empty roster. (bsc#1004723)\n- Add 'dist-upgrade' support to zypper module. (fate#320559)\n- Fix position of -X option to setfacl. (bsc#1004260)\n- Fix generated shebang in scripts on SLES-ES 7. (bsc#1004047)\n- Fix changing default-timezone. (bsc#1008933)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-Storage-4-2017-77", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2017_0171-1.json", }, { category: "self", summary: "URL for SUSE-RU-2017:0171-1", url: "https://www.suse.com/support/update/announcement//suse-ru-20170171-1/", }, { category: "self", summary: "E-Mail link for SUSE-RU-2017:0171-1", url: "https://lists.suse.com/pipermail/sle-updates/2017-January/005785.html", }, { category: "self", summary: "SUSE Bug 1003449", url: "https://bugzilla.suse.com/1003449", }, { category: "self", summary: "SUSE Bug 1004047", url: "https://bugzilla.suse.com/1004047", }, { category: "self", summary: "SUSE Bug 1004260", url: "https://bugzilla.suse.com/1004260", }, { category: "self", summary: "SUSE Bug 1004723", url: "https://bugzilla.suse.com/1004723", }, { category: "self", summary: "SUSE Bug 1008933", url: "https://bugzilla.suse.com/1008933", }, { category: "self", summary: "SUSE Bug 1012398", url: "https://bugzilla.suse.com/1012398", }, { category: "self", summary: "SUSE Bug 986019", url: "https://bugzilla.suse.com/986019", }, { category: "self", summary: "SUSE Bug 999852", url: "https://bugzilla.suse.com/999852", }, { category: "self", summary: "SUSE CVE CVE-2016-9639 page", url: "https://www.suse.com/security/cve/CVE-2016-9639/", }, ], title: "Recommended update for salt", tracking: { current_release_date: "2017-01-17T09:06:09Z", generator: { date: "2017-01-17T09:06:09Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-RU-2017:0171-1", initial_release_date: "2017-01-17T09:06:09Z", revision_history: [ { date: "2017-01-17T09:06:09Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "salt-2015.8.12-27.5.aarch64", product: { name: "salt-2015.8.12-27.5.aarch64", product_id: "salt-2015.8.12-27.5.aarch64", }, }, { category: "product_version", name: "salt-master-2015.8.12-27.5.aarch64", product: { name: "salt-master-2015.8.12-27.5.aarch64", product_id: "salt-master-2015.8.12-27.5.aarch64", }, }, { category: "product_version", name: "salt-minion-2015.8.12-27.5.aarch64", product: { name: "salt-minion-2015.8.12-27.5.aarch64", product_id: "salt-minion-2015.8.12-27.5.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "salt-2015.8.12-27.5.x86_64", product: { name: "salt-2015.8.12-27.5.x86_64", product_id: "salt-2015.8.12-27.5.x86_64", }, }, { category: "product_version", name: "salt-master-2015.8.12-27.5.x86_64", product: { name: "salt-master-2015.8.12-27.5.x86_64", product_id: "salt-master-2015.8.12-27.5.x86_64", }, }, { category: "product_version", name: "salt-minion-2015.8.12-27.5.x86_64", product: { name: "salt-minion-2015.8.12-27.5.x86_64", product_id: "salt-minion-2015.8.12-27.5.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Enterprise Storage 4", product: { name: "SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4", product_identification_helper: { cpe: "cpe:/o:suse:ses:4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.5.aarch64 as component of SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4:salt-2015.8.12-27.5.aarch64", }, product_reference: "salt-2015.8.12-27.5.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 4", }, { category: "default_component_of", full_product_name: { name: "salt-2015.8.12-27.5.x86_64 as component of SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4:salt-2015.8.12-27.5.x86_64", }, product_reference: "salt-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 4", }, { category: "default_component_of", full_product_name: { name: "salt-master-2015.8.12-27.5.aarch64 as component of SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4:salt-master-2015.8.12-27.5.aarch64", }, product_reference: "salt-master-2015.8.12-27.5.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 4", }, { category: "default_component_of", full_product_name: { name: "salt-master-2015.8.12-27.5.x86_64 as component of SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4:salt-master-2015.8.12-27.5.x86_64", }, product_reference: "salt-master-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 4", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.5.aarch64 as component of SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4:salt-minion-2015.8.12-27.5.aarch64", }, product_reference: "salt-minion-2015.8.12-27.5.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 4", }, { category: "default_component_of", full_product_name: { name: "salt-minion-2015.8.12-27.5.x86_64 as component of SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4:salt-minion-2015.8.12-27.5.x86_64", }, product_reference: "salt-minion-2015.8.12-27.5.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 4", }, ], }, vulnerabilities: [ { cve: "CVE-2016-9639", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9639", }, ], notes: [ { category: "general", text: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 4:salt-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 4:salt-2015.8.12-27.5.x86_64", "SUSE Enterprise Storage 4:salt-master-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 4:salt-master-2015.8.12-27.5.x86_64", "SUSE Enterprise Storage 4:salt-minion-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 4:salt-minion-2015.8.12-27.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9639", url: "https://www.suse.com/security/cve/CVE-2016-9639", }, { category: "external", summary: "SUSE Bug 1012398 for CVE-2016-9639", url: "https://bugzilla.suse.com/1012398", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 4:salt-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 4:salt-2015.8.12-27.5.x86_64", "SUSE Enterprise Storage 4:salt-master-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 4:salt-master-2015.8.12-27.5.x86_64", "SUSE Enterprise Storage 4:salt-minion-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 4:salt-minion-2015.8.12-27.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "SUSE Enterprise Storage 4:salt-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 4:salt-2015.8.12-27.5.x86_64", "SUSE Enterprise Storage 4:salt-master-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 4:salt-master-2015.8.12-27.5.x86_64", "SUSE Enterprise Storage 4:salt-minion-2015.8.12-27.5.aarch64", "SUSE Enterprise Storage 4:salt-minion-2015.8.12-27.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-01-17T09:06:09Z", details: "low", }, ], title: "CVE-2016-9639", }, ], }
ghsa-hvmj-356c-gpf4
Vulnerability from github
Published
2022-05-17 03:00
Modified
2024-10-21 21:30
Severity ?
Summary
Salt allows deleted minions to read or write to minions with the same id
Details
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
{ affected: [ { package: { ecosystem: "PyPI", name: "salt", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "2015.8.11", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2016-9639", ], database_specific: { cwe_ids: [ "CWE-284", ], github_reviewed: true, github_reviewed_at: "2024-04-30T08:34:20Z", nvd_published_at: "2017-02-07T17:59:00Z", severity: "CRITICAL", }, details: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", id: "GHSA-hvmj-356c-gpf4", modified: "2024-10-21T21:30:27Z", published: "2022-05-17T03:00:54Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9639", }, { type: "WEB", url: "https://docs.saltproject.io/en/latest/topics/releases/2015.8.11.html#new-master-configuration-parameter", }, { type: "WEB", url: "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key", }, { type: "WEB", url: "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-34.yaml", }, { type: "PACKAGE", url: "https://github.com/saltstack/salt", }, { type: "WEB", url: "https://web.archive.org/web/20200227212146/http://www.securityfocus.com/bid/94553", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2016/11/25/2", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2016/11/25/3", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", type: "CVSS_V3", }, ], summary: "Salt allows deleted minions to read or write to minions with the same id", }
gsd-2016-9639
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
Aliases
Aliases
{ GSD: { alias: "CVE-2016-9639", description: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", id: "GSD-2016-9639", references: [ "https://www.suse.com/security/cve/CVE-2016-9639.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2016-9639", ], details: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", id: "GSD-2016-9639", modified: "2023-12-13T01:21:21.403309Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9639", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20161125 CVE Request: salt confidentiality issue", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/25/2", }, { name: "94553", refsource: "BID", url: "http://www.securityfocus.com/bid/94553", }, { name: "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key", refsource: "CONFIRM", url: "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key", }, { name: "[oss-security] 20161125 Re: CVE Request: salt confidentiality issue", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/11/25/3", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2015.8.10", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9639", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-284", }, ], }, ], }, references: { reference_data: [ { name: "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key", }, { name: "[oss-security] 20161125 Re: CVE Request: salt confidentiality issue", refsource: "MLIST", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/25/3", }, { name: "[oss-security] 20161125 CVE Request: salt confidentiality issue", refsource: "MLIST", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/11/25/2", }, { name: "94553", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94553", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.2, }, }, lastModifiedDate: "2017-02-09T22:08Z", publishedDate: "2017-02-07T17:59Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.