Oval Definition:	oval:org.opensuse.security:def:4759
Revision Date: 2020-12-02 Version: 1 Title: Security update for salt (Important) Description: This update for salt fixes the following issues: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699). Non-security issues fixed: - Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations (bsc#1113784). - Fixed async call to process manager (bsc#1110938). - Fixed OS arch detection when RPM is not installed (bsc#1114197). Family: unix Class: patch Status: Reference(s): 1046299 1046303 1046305 1050244 1050536 1050545 1051510 1054914 1055117 1055186 1061840 1064802 1065600 1065729 1066129 1066489 1071995 1073513 1082318 1082555 1082635 1083647 1084603 1086323 1087092 1089644 1090631 1093205 1096254 1097583 1097584 1097585 1097586 1097587 1097588 1098291 1098998 1101674 1104967 1107343 1107772 1109158 1109363 1109379 1110938 1111666 1112178 1113698 1113699 1113722 1113784 1113994 1114197 1114279 1117665 1119086 1119461 1119465 1123034 1123080 1127988 1131304 1133140 1133297 1134303 1134689 1135642 1135854 1135873 1135967 1137040 1137069 1137595 1137799 1137861 1137865 1137959 1138034 1138190 1139073 1140090 1140155 1140729 1140845 1140883 1141013 1141600 1142076 1142635 1142667 1143706 1144338 1144375 1144449 1144903 1145099 1146042 1146519 1146540 1146612 1146664 1148133 1148410 1148712 1148868 1149119 1149313 1149446 1149555 1149651 1149853 1150381 1150423 1150452 1150457 1150465 1150875 1151350 1151508 1151610 1151667 1151680 1151807 1151891 1151955 1152024 1152025 1152026 1152033 1152161 1152325 1152457 1152460 1152466 1152624 1152665 1152685 1152696 1152697 1152788 1152790 1152791 1152972 1152974 1152975 1153112 1153158 1153236 1153263 1153476 1153509 1153607 1153646 1153681 1153713 1153717 1153718 1153719 1153811 1153969 1154108 1154189 1154242 1154268 1154354 1154372 1154521 1154578 1154607 1154608 1154610 1154611 1154651 1154737 1154747 1154848 1154858 1154905 1154956 1155061 1155178 1155179 1155184 1155186 1155671 1160594 1160764 1161779 1163922 1166238 1167631 1170603 1173455 1173580 1175664 1175665 1175671 1176069 802154 814594 919448 987367 995932 996032 99606 996648 998153 CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150 CVE-2016-5151 CVE-2016-5152 CVE-2016-5153 CVE-2016-5154 CVE-2016-5155 CVE-2016-5156 CVE-2016-5157 CVE-2016-5158 CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 CVE-2016-5162 CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166 CVE-2017-16541 CVE-2017-18595 CVE-2018-12207 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12383 CVE-2018-12385 CVE-2018-15750 CVE-2018-15751 CVE-2018-5156 CVE-2018-5187 CVE-2018-5188 CVE-2019-10130 CVE-2019-10164 CVE-2019-10220 CVE-2019-11135 CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 CVE-2019-14821 CVE-2019-15291 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16995 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-20503 CVE-2019-3688 CVE-2019-3690 CVE-2019-9506 CVE-2020-12268 CVE-2020-14386 CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-1752 CVE-2020-24606 CVE-2020-4044 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 CVE-2020-8013 SUSE-SU-2016:2250-1 SUSE-SU-2018:3247-1 SUSE-SU-2018:3815-1 SUSE-SU-2019:1495-1 SUSE-SU-2019:1810-1 SUSE-SU-2019:2706-1 SUSE-SU-2020:0721-1 SUSE-SU-2020:0820-1 SUSE-SU-2020:1163-1 SUSE-SU-2020:1220-1 SUSE-SU-2020:1396-2 SUSE-SU-2020:1933-1 SUSE-SU-2020:2442-1 SUSE-SU-2020:2577-1 Platform(s): SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Availability 12 SP2 SUSE Linux Enterprise High Availability 12 SP3 SUSE Linux Enterprise High Availability 12 SP4 SUSE Linux Enterprise High Availability 12 SP5 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE OpenStack Cloud 5 SUSE Package Hub for SUSE Linux Enterprise 12 Product(s): Definition Synopsis SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND python-requests-2.8.1-6.9.1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND bogofilter-1.2.4-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND bogofilter-1.2.4-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information bzip2-1.0.6-29 is installed OR libbz2-1-1.0.6-29 is installed OR libbz2-1-32bit-1.0.6-29 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND cifs-utils-6.5-8 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information NetworkManager-1.0.12-13.6 is installed OR NetworkManager-lang-1.0.12-13.6 is installed OR libnm-glib-vpn1-1.0.12-13.6 is installed OR libnm-glib4-1.0.12-13.6 is installed OR libnm-util2-1.0.12-13.6 is installed OR libnm0-1.0.12-13.6 is installed OR typelib-1_0-NM-1_0-1.0.12-13.6 is installed OR typelib-1_0-NMClient-1_0-1.0.12-13.6 is installed OR typelib-1_0-NetworkManager-1_0-1.0.12-13.6 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP2 is installed AND haproxy-1.6.5-5 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP3 is installed AND python-requests-2.8.1-6.16 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP4 is installed AND ctdb-4.6.16+git.124.aee309c5c18-3.32 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP5 is installed AND lighttpd-1.4.35-3 is installed Definition Synopsis SUSE Linux Enterprise High Performance Computing 12 SP5 is installed AND apache2-mod_perl-2.0.8-11 is installed Definition Synopsis SUSE Linux Enterprise Live Patching 12 is installed AND Package Information kgraft-patch-3_12_38-44-default-1-2.2 is installed OR kgraft-patch-3_12_38-44-xen-1-2.2 is installed OR kgraft-patch-SLE12_Update_3-1-2.2 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information salt-2018.3.0-5.20 is installed OR salt-api-2018.3.0-5.20 is installed OR salt-cloud-2018.3.0-5.20 is installed OR salt-fish-completion-2018.3.0-5.20 is installed OR salt-master-2018.3.0-5.20 is installed OR salt-proxy-2018.3.0-5.20 is installed OR salt-ssh-2018.3.0-5.20 is installed OR salt-syndic-2018.3.0-5.20 is installed Definition Synopsis SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT is installed AND Package Information MozillaFirefox-60.3.0-109.50 is installed OR MozillaFirefox-devel-60.3.0-109.50 is installed OR MozillaFirefox-translations-common-60.3.0-109.50 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP2 is installed AND Package Information ecryptfs-utils-61-1.29.1 is installed OR ecryptfs-utils-32bit-61-1.29.1 is installed OR ecryptfs-utils-x86-61-1.29.1 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP3 is installed AND aaa_base-11-6.90.1 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP3-LTSS is installed AND Package Information ImageMagick-6.4.3.6-7.37.1 is installed OR libMagickCore1-6.4.3.6-7.37.1 is installed OR libMagickCore1-32bit-6.4.3.6-7.37.1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 is installed AND Package Information gnutls-3.2.15-4.1 is installed OR libgnutls-openssl27-3.2.15-4.1 is installed OR libgnutls28-3.2.15-4.1 is installed OR libgnutls28-32bit-3.2.15-4.1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information libecpg6-9.4.5-4 is installed OR libpq5-9.4.5-4 is installed OR libpq5-32bit-9.4.5-4 is installed OR postgresql94-9.4.5-4 is installed OR postgresql94-contrib-9.4.5-4 is installed OR postgresql94-docs-9.4.5-4 is installed OR postgresql94-server-9.4.5-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information bind-9.9.9P1-46 is installed OR bind-chrootenv-9.9.9P1-46 is installed OR bind-doc-9.9.9P1-46 is installed OR bind-libs-9.9.9P1-46 is installed OR bind-libs-32bit-9.9.9P1-46 is installed OR bind-utils-9.9.9P1-46 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information at-3.1.14-7 is installed OR flex-2.5.37-8 is installed OR flex-32bit-2.5.37-8 is installed OR libQtWebKit4-4.8.6+2.3.3-3 is installed OR libQtWebKit4-32bit-4.8.6+2.3.3-3 is installed OR libbonobo-2.32.1-16 is installed OR libbonobo-32bit-2.32.1-16 is installed OR libbonobo-doc-2.32.1-16 is installed OR libbonobo-lang-2.32.1-16 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information bash-4.3-83.15 is installed OR bash-doc-4.3-83.15 is installed OR libreadline6-6.3-83.15 is installed OR libreadline6-32bit-6.3-83.15 is installed OR readline-doc-6.3-83.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12-LTSS is installed AND Package Information kgraft-patch-3_12_60-52_49-default-2-2.2 is installed OR kgraft-patch-3_12_60-52_49-xen-2-2.2 is installed OR kgraft-patch-SLE12_Update_14-2-2.2 is installed Definition Synopsis SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information glibc-2.26-13.45 is installed OR glibc-32bit-2.26-13.45 is installed OR glibc-devel-2.26-13.45 is installed OR glibc-devel-32bit-2.26-13.45 is installed OR glibc-devel-static-2.26-13.45 is installed OR glibc-extra-2.26-13.45 is installed OR glibc-i18ndata-2.26-13.45 is installed OR glibc-info-2.26-13.45 is installed OR glibc-locale-2.26-13.45 is installed OR glibc-locale-base-2.26-13.45 is installed OR glibc-locale-base-32bit-2.26-13.45 is installed OR glibc-profile-2.26-13.45 is installed OR glibc-utils-2.26-13.45 is installed OR glibc-utils-src-2.26-13.45 is installed OR nscd-2.26-13.45 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND permissions-20180125-3.21 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 11 SP3 is installed AND Package Information gtk2-2.18.9-0.39.1 is installed OR gtk2-devel-2.18.9-0.39.1 is installed OR gtk2-devel-32bit-2.18.9-0.39.1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 11 SP4 is installed AND Package Information libtiff-devel-3.8.2-141.160.1 is installed OR libtiff-devel-32bit-3.8.2-141.160.1 is installed OR tiff-3.8.2-141.160.1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 is installed AND dbus-1-glib-devel-0.100.2-3 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP1 is installed AND Package Information bash-devel-4.2-75 is installed OR readline-devel-6.2-75 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP2 is installed AND Package Information DirectFB-devel-1.7.1-6 is installed OR lib++dfb-devel-1.7.1-6 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information MozillaThunderbird-60.2.1-3.13 is installed OR MozillaThunderbird-translations-common-60.2.1-3.13 is installed OR MozillaThunderbird-translations-other-60.2.1-3.13 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.26 is installed OR kernel-default-extra-4.12.14-197.26 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND Package Information kernel-default-5.3.18-24.15 is installed OR kernel-default-extra-5.3.18-24.15 is installed Definition Synopsis SUSE Package Hub for SUSE Linux Enterprise 12 is installed AND Package Information chromedriver-53.0.2785.89-96 is installed OR chromium-53.0.2785.89-96 is installed OR chromium-desktop-gnome-53.0.2785.89-96 is installed OR chromium-desktop-kde-53.0.2785.89-96 is installed OR chromium-ffmpegsumo-53.0.2785.89-96 is installed
BACK