{"affected":[{"ecosystem_specific":{"binaries":[{"salt":"2016.11.4-43.7.1","salt-doc":"2016.11.4-43.7.1","salt-minion":"2016.11.4-43.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-CLIENT-TOOLS","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2016.11.4-43.7.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"salt":"2016.11.4-43.7.1","salt-doc":"2016.11.4-43.7.1","salt-minion":"2016.11.4-43.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4-CLIENT-TOOLS","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2016.11.4-43.7.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for salt fixes one security issue and bugs.\n\nThe following security issue has been fixed:\n\n- CVE-2017-12791: Directory traversal vulnerability in minion id validation\n  allowed remote minions with incorrect credentials to authenticate to a master\n  via a crafted minion ID (bsc#1053955).\n\nAdditionally, the following non-security issues have been fixed:\n\n- Added support for SUSE Manager scalability features. (bsc#1052264)\n- Introduced the kubernetes module. (bsc#1051948)\n- Notify systemd synchronously via NOTIFY_SOCKET. (bsc#1053376)\n","id":"SUSE-SU-2017:2666-1","modified":"2017-10-09T13:38:05Z","published":"2017-10-09T13:38:05Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20172666-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051948"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052264"},{"type":"REPORT","url":"https://bugzilla.suse.com/1053376"},{"type":"REPORT","url":"https://bugzilla.suse.com/1053955"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12791"}],"related":["CVE-2017-12791"],"summary":"Security update for salt","upstream":["CVE-2017-12791"]}