{"affected":[{"ecosystem_specific":{"binaries":[{"salt":"2016.11.4-43.10.2","salt-doc":"2016.11.4-43.10.2","salt-minion":"2016.11.4-43.10.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-CLIENT-TOOLS","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2016.11.4-43.10.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"salt":"2016.11.4-43.10.2","salt-doc":"2016.11.4-43.10.2","salt-minion":"2016.11.4-43.10.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4-CLIENT-TOOLS","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2016.11.4-43.10.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for salt fixes one security issue and bugs.\n\nThe following security issues have been fixed:\n\n- CVE-2017-14695: A directory traversal vulnerability in minion id validation allowed remote minions with incorrect\n  credentials to authenticate to a master via a crafted minion ID. (bsc#1062462)\n- CVE-2017-14696: It was possible to force a remote Denial of Service with a specially crafted authentication \n  request. (bsc#1062464)\n\nAdditionally, the following non-security issues have been fixed:\n\n- Removed deprecation warning for beacon configuration using dictionaries. (bsc#1041993)\n- Fixed beacons failure when pillar-based suppressing config-based. (bsc#1060230)\n- Fixed minion resource exhaustion when many functions are being executed in parallel. (bsc#1059758)\n- Remove 'TasksTask' attribute from salt-master.service in older versions of systemd. (bsc#985112)\n- Fix for delete_deployment in Kubernetes module. (bsc#1059291)\n- Catching error when PIDfile cannot be deleted. (bsc#1050003)\n- Use $HOME to get the user home directory instead using '~' char. (bsc#1042749)\n","id":"SUSE-SU-2017:3381-1","modified":"2017-12-20T11:22:47Z","published":"2017-12-20T11:22:47Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20173381-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1041993"},{"type":"REPORT","url":"https://bugzilla.suse.com/1042749"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050003"},{"type":"REPORT","url":"https://bugzilla.suse.com/1059291"},{"type":"REPORT","url":"https://bugzilla.suse.com/1059758"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060230"},{"type":"REPORT","url":"https://bugzilla.suse.com/1062462"},{"type":"REPORT","url":"https://bugzilla.suse.com/1062464"},{"type":"REPORT","url":"https://bugzilla.suse.com/985112"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14695"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14696"}],"related":["CVE-2017-14695","CVE-2017-14696"],"summary":"Security update for Salt","upstream":["CVE-2017-14695","CVE-2017-14696"]}