openSUSE Security Update : salt (openSUSE-2017-1016)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for salt fixes the following issues :

- Update to 2017.7.1 See
17.7.1.html for full changelog

- CVE-2017-12791: crafted minion ID could lead directory
traversal on the Salt-master (boo#1053955)

- Run fdupes over all of /usr because it still warns about
duplicate files. Remove ancient suse_version > 1020

- Replace unnecessary %__ indirections. Use grep -q in
favor of >/dev/null.

- Avoid bashisms in %pre.

- Update to 2017.7.0 See
17.7.0.html for full changelog

- fix ownership for whole master cache directory

- fix setting the language on SUSE systems (boo#1038855)

- wrong os_family grains on SUSE - fix unittests

- speed-up cherrypy by removing sleep call

- Disable 3rd party runtime packages to be explicitly
recommended. (boo#1040886)

- fix format error (boo#1043111)

- Add a salt-minion watchdog for RHEL6 and SLES11 systems
(sysV) to restart salt-minion in case of crashes during

- Add procps as dependency.

- Bugfix: jobs scheduled to run at a future time stay
pending for Salt minions (boo#1036125)

See also :

Solution :

Update the affected salt packages.

Risk factor :

High / CVSS Base Score : 7.5

Family: SuSE Local Security Checks

Nessus Plugin ID: 103154 ()

Bugtraq ID:

CVE ID: CVE-2017-12791

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now