{"affected":[{"ecosystem_specific":{"binaries":[{"python2-salt":"2018.3.0-5.20.1","python3-salt":"2018.3.0-5.20.1","salt":"2018.3.0-5.20.1","salt-bash-completion":"2018.3.0-5.20.1","salt-doc":"2018.3.0-5.20.1","salt-minion":"2018.3.0-5.20.1","salt-zsh-completion":"2018.3.0-5.20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2018.3.0-5.20.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"salt-api":"2018.3.0-5.20.1","salt-cloud":"2018.3.0-5.20.1","salt-fish-completion":"2018.3.0-5.20.1","salt-master":"2018.3.0-5.20.1","salt-proxy":"2018.3.0-5.20.1","salt-ssh":"2018.3.0-5.20.1","salt-syndic":"2018.3.0-5.20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2018.3.0-5.20.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for salt fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698).\n- CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699).\n\nNon-security issues fixed:\n\n- Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations (bsc#1113784).\n- Fixed async call to process manager (bsc#1110938).\n- Fixed OS arch detection when RPM is not installed (bsc#1114197).\n","id":"SUSE-SU-2018:3815-1","modified":"2018-11-20T10:30:06Z","published":"2018-11-20T10:30:06Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183815-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1110938"},{"type":"REPORT","url":"https://bugzilla.suse.com/1113698"},{"type":"REPORT","url":"https://bugzilla.suse.com/1113699"},{"type":"REPORT","url":"https://bugzilla.suse.com/1113784"},{"type":"REPORT","url":"https://bugzilla.suse.com/1114197"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-15750"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-15751"}],"related":["CVE-2018-15750","CVE-2018-15751"],"summary":"Security update for salt","upstream":["CVE-2018-15750","CVE-2018-15751"]}