{"affected":[],"aliases":[],"details":"This update fixes the following issues:\n\nvenv-salt-minion:\n\n- Fix the regression caused by the patch removing strict requirement for\n  OpenSSL 1.1.1 leading to read/write issues with ssl module for\n  SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556)\n- Fixes for Python 3.10\n- Fix salt-ssh opts poisoning (bsc#1197637)\n- Fix multiple security issues (bsc#1197417)\n  * CVE-2022-22935: Sign authentication replies to prevent MiTM.\n  * CVE-2022-22934: Sign pillar data to prevent MiTM attacks.\n  * CVE-2022-22936: Prevent job and fileserver replays.\n  * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth.\n- Salt version bump to 3004\n- Python version bump to 3.10.2\n\n","id":"SUSE-SU-2022:1514-1","modified":"2022-05-04T08:18:47Z","published":"2022-05-04T08:18:47Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20221514-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197417"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197637"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198556"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22934"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22935"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22936"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22941"}],"related":["CVE-2022-22934","CVE-2022-22935","CVE-2022-22936","CVE-2022-22941"],"summary":"Security Beta update for SUSE Manager Salt Bundle","upstream":["CVE-2022-22934","CVE-2022-22935","CVE-2022-22936","CVE-2022-22941"]}