openSUSE Security Update : salt (openSUSE-2017-1016)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for salt fixes the following issues :

- Update to 2017.7.1. See
https://docs.saltstack.com/en/develop/topics/releases/2017.7.1.html
for full changelog

- CVE-2017-12791: a crafted minion ID could lead to
directory traversal on the Salt-master (boo#1053955)



- Run fdupes over all of /usr because it still warns about
duplicate files. Remove ancient suse_version > 1020
conditional.

- Replace unnecessary %__ indirections. Use grep -q in
favor of >/dev/null.

- Avoid bashisms in %pre.

- Update to 2017.7.0. See
https://docs.saltstack.com/en/develop/topics/releases/2017.7.0.html
for full changelog

- fix ownership for whole master cache directory
(boo#1035914)

- fix setting the language on SUSE systems (boo#1038855)

- wrong os_family grains on SUSE - fix unittests
(boo#1038855)

- speed-up cherrypy by removing sleep call

- Disable 3rd party runtime packages to be explicitly
recommended. (boo#1040886)

- fix format error (boo#1043111)

- Add a salt-minion watchdog for RHEL6 and SLES11 systems
(sysV) to restart salt-minion in case of crashes during
upgrade.

- Add procps as dependency.

- Bugfix: jobs scheduled to run at a future time stay
pending for Salt minions (boo#1036125)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1035914
https://bugzilla.opensuse.org/show_bug.cgi?id=1036125
https://bugzilla.opensuse.org/show_bug.cgi?id=1038855
https://bugzilla.opensuse.org/show_bug.cgi?id=1040886
https://bugzilla.opensuse.org/show_bug.cgi?id=1043111
https://bugzilla.opensuse.org/show_bug.cgi?id=1053955
https://docs.saltstack.com/en/develop/topics/releases/2017.7.0.html
https://docs.saltstack.com/en/develop/topics/releases/2017.7.1.html

Solution :

Update the affected salt packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 103154

Bugtraq ID:

CVE ID: CVE-2017-12791
