OVAL Reference oval:org.opensuse.security:def:53190

Oval Definition:

oval:org.opensuse.security:def:53190

Revision Date:	2020-12-01	Version:	1
Title:	Security update for salt (Important)
Description:	This update for salt fixes the following issues: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699). Non-security issues fixed: - Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations (bsc#1113784). - Fixed async call to process manager (bsc#1110938). - Fixed OS arch detection when RPM is not installed (bsc#1114197).
Family:	unix	Class:	patch
Status:		Reference(s):	1005070 1005072 1005076 1007188 1020868 1020890 1020976 1022428 1034911 1110938 1113698 1113699 1113784 1114197 1141122 1157119 1160673 1160922 913058 921070 958963 960155 965875 986566 989980 996821 998677 CVE-2007-4772 CVE-2007-6600 CVE-2009-1720 CVE-2009-1721 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-2494 CVE-2010-3433 CVE-2011-3848 CVE-2011-3872 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-2738 CVE-2012-3488 CVE-2012-3489 CVE-2012-3864 CVE-2012-3865 CVE-2012-3866 CVE-2012-3867 CVE-2012-5468 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2013-3567 CVE-2013-4761 CVE-2013-4956 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2014-3248 CVE-2014-3253 CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 CVE-2015-1782 CVE-2015-1782 CVE-2015-2304 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 CVE-2015-7552 CVE-2016-0739 CVE-2016-0766 CVE-2016-0773 CVE-2016-0787 CVE-2016-5418 CVE-2016-5423 CVE-2016-5424 CVE-2016-5824 CVE-2016-5827 CVE-2016-5844 CVE-2016-6250 CVE-2016-6321 CVE-2016-6354 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 CVE-2016-9584 CVE-2017-3302 CVE-2017-3313 CVE-2018-15750 CVE-2018-15751 CVE-2019-18904 SUSE-SU-2015:0669-1 SUSE-SU-2016:0225-1 SUSE-SU-2016:0625-1 SUSE-SU-2016:2896-1 SUSE-SU-2016:2911-1 SUSE-SU-2017:1315-1 SUSE-SU-2018:3815-1 SUSE-SU-2020:0260-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.0 NonFree openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 6-LTSS SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND libXdmcp6-1.1.2-lp150.1 is installed
Definition Synopsis
openSUSE Leap 15.0 NonFree is installed AND opera-54.0.2952.41-lp150.2.3 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information libssh2-1-1.8.0-lp151.6.3 is installed OR libssh2-1-32bit-1.8.0-lp151.6.3 is installed OR libssh2-devel-1.8.0-lp151.6.3 is installed OR libssh2_org-1.8.0-lp151.6.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP2 is installed AND wireshark-1.8.12-0.2 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-31.4.0esr-0.8 is installed OR MozillaFirefox-translations-31.4.0esr-0.8 is installed OR libfreebl3-3.17.3-0.8 is installed OR libfreebl3-32bit-3.17.3-0.8 is installed OR libsoftokn3-3.17.3-0.8 is installed OR libsoftokn3-32bit-3.17.3-0.8 is installed OR mozilla-nss-3.17.3-0.8 is installed OR mozilla-nss-32bit-3.17.3-0.8 is installed OR mozilla-nss-tools-3.17.3-0.8 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP4 is installed AND dhcpcd-3.2.3-45.5 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information libssh2-1-1.4.3-11 is installed OR libssh2-1-32bit-1.4.3-11 is installed OR libssh2_org-1.4.3-11 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information libssh-0.6.3-11 is installed OR libssh4-0.6.3-11 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information libecpg6-9.4.9-14 is installed OR libpq5-9.4.9-14 is installed OR libpq5-32bit-9.4.9-14 is installed OR postgresql94-9.4.9-14 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND bogofilter-1.2.4-5 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information libical1-1.0.1-16.3 is installed OR libical1-32bit-1.0.1-16.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information salt-2018.3.0-5.20 is installed OR salt-api-2018.3.0-5.20 is installed OR salt-cloud-2018.3.0-5.20 is installed OR salt-fish-completion-2018.3.0-5.20 is installed OR salt-master-2018.3.0-5.20 is installed OR salt-proxy-2018.3.0-5.20 is installed OR salt-ssh-2018.3.0-5.20 is installed OR salt-syndic-2018.3.0-5.20 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-9 is installed OR aaa_base-extras-13.2+git20140911.61c1681-9 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information xen-4.5.5_24-22.46 is installed OR xen-doc-html-4.5.5_24-22.46 is installed OR xen-kmp-default-4.5.5_24_k3.12.74_60.64.85-22.46 is installed OR xen-libs-4.5.5_24-22.46 is installed OR xen-libs-32bit-4.5.5_24-22.46 is installed OR xen-tools-4.5.5_24-22.46 is installed OR xen-tools-domU-4.5.5_24-22.46 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information gdk-pixbuf-loader-rsvg-2.40.15-4 is installed OR librsvg-2-2-2.40.15-4 is installed OR librsvg-2-2-32bit-2.40.15-4 is installed OR rsvg-view-2.40.15-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information ghostscript-9.26-23.16 is installed OR ghostscript-x11-9.26-23.16 is installed OR libspectre-0.2.7-12.4 is installed OR libspectre1-0.2.7-12.4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_114-92_67-default-10-2 is installed OR kgraft-patch-SLE12-SP2_Update_19-10-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information res-signingkeys-3.0.37-52.23 is installed OR smt-3.0.37-52.23 is installed OR smt-support-3.0.37-52.23 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information audiofile-0.3.6-10 is installed OR libaudiofile1-0.3.6-10 is installed OR libaudiofile1-32bit-0.3.6-10 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information glib2-2.48.2-12.15 is installed OR glib2-lang-2.48.2-12.15 is installed OR glib2-tools-2.48.2-12.15 is installed OR libgio-2_0-0-2.48.2-12.15 is installed OR libgio-2_0-0-32bit-2.48.2-12.15 is installed OR libglib-2_0-0-2.48.2-12.15 is installed OR libglib-2_0-0-32bit-2.48.2-12.15 is installed OR libgmodule-2_0-0-2.48.2-12.15 is installed OR libgmodule-2_0-0-32bit-2.48.2-12.15 is installed OR libgobject-2_0-0-2.48.2-12.15 is installed OR libgobject-2_0-0-32bit-2.48.2-12.15 is installed OR libgthread-2_0-0-2.48.2-12.15 is installed OR libgthread-2_0-0-32bit-2.48.2-12.15 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libopenssl-devel-1.0.2j-60.55 is installed OR libopenssl1_0_0-1.0.2j-60.55 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.55 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.55 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.55 is installed OR openssl-1.0.2j-60.55 is installed OR openssl-doc-1.0.2j-60.55 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_140-94_42-default-10-2 is installed OR kgraft-patch-SLE12-SP3_Update_15-10-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND clamav-0.100.1-33.15 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information bzip2-1.0.6-29 is installed OR bzip2-doc-1.0.6-29 is installed OR libbz2-1-1.0.6-29 is installed OR libbz2-1-32bit-1.0.6-29 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND ruby2.1-rubygem-bson-1_11-1.11.1-2 is installed
Definition Synopsis
SUSE OpenStack Cloud 6-LTSS is installed AND Package Information ruby2.1-rubygem-puma-2.16.0-4.3 is installed OR rubygem-puma-2.16.0-4.3 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information MozillaFirefox-60.4.0esr-109.55 is installed OR MozillaFirefox-devel-60.4.0esr-109.55 is installed OR MozillaFirefox-translations-common-60.4.0esr-109.55 is installed OR libfreebl3-3.40.1-58.18 is installed OR libfreebl3-32bit-3.40.1-58.18 is installed OR libsoftokn3-3.40.1-58.18 is installed OR libsoftokn3-32bit-3.40.1-58.18 is installed OR mozilla-nspr-4.20-19.6 is installed OR mozilla-nspr-32bit-4.20-19.6 is installed OR mozilla-nss-3.40.1-58.18 is installed OR mozilla-nss-32bit-3.40.1-58.18 is installed OR mozilla-nss-certs-3.40.1-58.18 is installed OR mozilla-nss-certs-32bit-3.40.1-58.18 is installed OR mozilla-nss-sysinit-3.40.1-58.18 is installed OR mozilla-nss-sysinit-32bit-3.40.1-58.18 is installed OR mozilla-nss-tools-3.40.1-58.18 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND cobbler-2.6.6-49.9 is installed
Definition Synopsis
SUSE OpenStack Cloud 9 is installed AND python-Werkzeug-0.14.1-3.3 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libmariadb3-3.0.3-3.3 is installed OR mariadb-10.2.15-4.3 is installed OR mariadb-client-10.2.15-4.3 is installed OR mariadb-connector-c-3.0.3-3.3 is installed OR mariadb-errormessages-10.2.15-4.3 is installed OR mariadb-galera-10.2.15-4.3 is installed OR mariadb-tools-10.2.15-4.3 is installed OR xtrabackup-2.4.10-4.3 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information crowbar-core-6.0+git.1566321308.1de18b9a4-3.7 is installed OR crowbar-core-branding-upstream-6.0+git.1566321308.1de18b9a4-3.7 is installed OR crowbar-ha-6.0+git.1566406179.7549de2-3.7 is installed OR crowbar-openstack-6.0+git.1566404979.41279a88e-3.7 is installed OR crowbar-ui-1.3.0+git.1563181545.65360af5-8 is installed OR openstack-ceilometer-11.0.2~dev14-3.7 is installed OR openstack-ceilometer-agent-central-11.0.2~dev14-3.7 is installed OR openstack-ceilometer-agent-compute-11.0.2~dev14-3.7 is installed OR openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.7 is installed OR openstack-ceilometer-agent-notification-11.0.2~dev14-3.7 is installed OR openstack-ceilometer-polling-11.0.2~dev14-3.7 is installed OR openstack-cinder-13.0.7~dev3-3.7 is installed OR openstack-cinder-api-13.0.7~dev3-3.7 is installed OR openstack-cinder-backup-13.0.7~dev3-3.7 is installed OR openstack-cinder-scheduler-13.0.7~dev3-3.7 is installed OR openstack-cinder-volume-13.0.7~dev3-3.7 is installed OR openstack-designate-7.0.1~dev21-3.7 is installed OR openstack-designate-agent-7.0.1~dev21-3.7 is installed OR openstack-designate-api-7.0.1~dev21-3.7 is installed OR openstack-designate-central-7.0.1~dev21-3.7 is installed OR openstack-designate-producer-7.0.1~dev21-3.7 is installed OR openstack-designate-sink-7.0.1~dev21-3.7 is installed OR openstack-designate-worker-7.0.1~dev21-3.7 is installed OR openstack-heat-11.0.3~dev19-3.7 is installed OR openstack-heat-api-11.0.3~dev19-3.7 is installed OR openstack-heat-api-cfn-11.0.3~dev19-3.7 is installed OR openstack-heat-engine-11.0.3~dev19-3.7 is installed OR openstack-heat-plugin-heat_docker-11.0.3~dev19-3.7 is installed OR openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-8 is installed OR openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-8 is installed OR openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-8 is installed OR openstack-ironic-11.1.4~dev9-3.7 is installed OR openstack-ironic-api-11.1.4~dev9-3.7 is installed OR openstack-ironic-conductor-11.1.4~dev9-3.7 is installed OR openstack-ironic-python-agent-3.3.3~dev4-3.7 is installed OR openstack-keystone-14.1.1~dev8-3.7 is installed OR openstack-magnum-7.1.1~dev28-3.7 is installed OR openstack-magnum-api-7.1.1~dev28-3.7 is installed OR openstack-magnum-conductor-7.1.1~dev28-3.7 is installed OR openstack-manila-7.3.1~dev3-4.7 is installed OR openstack-manila-api-7.3.1~dev3-4.7 is installed OR openstack-manila-data-7.3.1~dev3-4.7 is installed OR openstack-manila-scheduler-7.3.1~dev3-4.7 is installed OR openstack-manila-share-7.3.1~dev3-4.7 is installed OR openstack-monasca-notification-1.14.2~dev1-6.7 is installed OR openstack-monasca-persister-1.12.1~dev9-9 is installed OR openstack-monasca-persister-java-1.12.1~dev9-9 is installed OR openstack-neutron-13.0.5~dev22-3.7 is installed OR openstack-neutron-dhcp-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-gbp-5.0.1~dev459-3.7 is installed OR openstack-neutron-ha-tool-13.0.5~dev22-3.7 is installed OR openstack-neutron-l3-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-lbaas-13.0.1~dev14-3.7 is installed OR openstack-neutron-lbaas-agent-13.0.1~dev14-3.7 is installed OR openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-macvtap-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-metadata-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-metering-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-openvswitch-agent-13.0.5~dev22-3.7 is installed OR openstack-neutron-server-13.0.5~dev22-3.7 is installed OR openstack-nova-18.2.2~dev9-3.7 is installed OR openstack-nova-api-18.2.2~dev9-3.7 is installed OR openstack-nova-cells-18.2.2~dev9-3.7 is installed OR openstack-nova-compute-18.2.2~dev9-3.7 is installed OR openstack-nova-conductor-18.2.2~dev9-3.7 is installed OR openstack-nova-console-18.2.2~dev9-3.7 is installed OR openstack-nova-novncproxy-18.2.2~dev9-3.7 is installed OR openstack-nova-placement-api-18.2.2~dev9-3.7 is installed OR openstack-nova-scheduler-18.2.2~dev9-3.7 is installed OR openstack-nova-serialproxy-18.2.2~dev9-3.7 is installed OR openstack-nova-vncproxy-18.2.2~dev9-3.7 is installed OR openstack-octavia-3.1.2~dev8-3.7 is installed OR openstack-octavia-amphora-agent-3.1.2~dev8-3.7 is installed OR openstack-octavia-api-3.1.2~dev8-3.7 is installed OR openstack-octavia-health-manager-3.1.2~dev8-3.7 is installed OR openstack-octavia-housekeeping-3.1.2~dev8-3.7 is installed OR openstack-octavia-worker-3.1.2~dev8-3.7 is installed OR openstack-tempest-19.0.0-12 is installed OR openstack-tempest-test-19.0.0-12 is installed OR python-ceilometer-11.0.2~dev14-3.7 is installed OR python-cinder-13.0.7~dev3-3.7 is installed OR python-cinder-tempest-plugin-0.1.0-8 is installed OR python-designate-7.0.1~dev21-3.7 is installed OR python-heat-11.0.3~dev19-3.7 is installed OR python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-8 is installed OR python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-8 is installed OR python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-8 is installed OR python-ironic-11.1.4~dev9-3.7 is installed OR python-ironicclient-2.5.3-4.7 is installed OR python-ironicclient-doc-2.5.3-4.7 is installed OR python-keystone-14.1.1~dev8-3.7 is installed OR python-keystonemiddleware-5.2.0-8 is installed OR python-magnum-7.1.1~dev28-3.7 is installed OR python-manila-7.3.1~dev3-4.7 is installed OR python-monasca-notification-1.14.2~dev1-6.7 is installed OR python-monasca-persister-1.12.1~dev9-9 is installed OR python-monasca-tempest-plugin-0.3.0-8 is installed OR python-neutron-13.0.5~dev22-3.7 is installed OR python-neutron-gbp-5.0.1~dev459-3.7 is installed OR python-neutron-lbaas-13.0.1~dev14-3.7 is installed OR python-nova-18.2.2~dev9-3.7 is installed OR python-octavia-3.1.2~dev8-3.7 is installed OR python-openstackclient-3.16.2-8 is installed OR python-openstacksdk-0.17.3-8 is installed OR python-proliantutils-2.8.4-8 is installed OR python-tempest-19.0.0-12 is installed OR python-vmware-nsx-13.0.1~dev146-9 is installed OR python-vmware-nsxlib-13.0.1~dev24-8 is installed OR yast2-crowbar-3.4.2-8 is installed

BACK