{"affected":[{"ecosystem_specific":{"binaries":[{"venv-salt-minion":"3004-150000.3.8.1"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 15","name":"venv-salt-minion","purl":"pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Client%20Tools%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3004-150000.3.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update fixes the following issues:\n\nvenv-salt-minion:\n\n- Make sure SaltCacheLoader use correct fileclient (bsc#1199149)\n- Fix the regression caused by the patch removing strict requirement for\n  OpenSSL 1.1.1 leading to read/write issues with ssl module for\n  SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556)\n- Fix salt-ssh opts poisoning (bsc#1197637)\n- Fix multiple security issues (bsc#1197417)\n  * CVE-2022-22935: Sign authentication replies to prevent MiTM.\n  * CVE-2022-22934: Sign pillar data to prevent MiTM attacks.\n  * CVE-2022-22936: Prevent job and fileserver replays.\n  * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth.\n- Salt version bump to 3004\n- Python version bump to 3.10.2\n- Clear network interfaces cache on grains request (bsc#1196050)\n- Add salt-ssh with Salt Bundle support (venv-salt-minion)\n  (bsc#1182851, bsc#1196432)\n- Restrict 'state.orchestrate_single' to pass a pillar value if it exists (bsc#1194632)\n\n","id":"SUSE-FU-2022:2042-1","modified":"2022-06-10T09:56:08Z","published":"2022-06-10T09:56:08Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/-2022-2042/suse-fu-20222042-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182851"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194632"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196050"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196432"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197417"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197637"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198556"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199149"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22934"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22935"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22936"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22941"}],"related":["CVE-2022-22934","CVE-2022-22935","CVE-2022-22936","CVE-2022-22941"],"summary":"Feature update for SUSE Manager Salt Bundle","upstream":["CVE-2022-22934","CVE-2022-22935","CVE-2022-22936","CVE-2022-22941"]}