{"affected":[{"ecosystem_specific":{"binaries":[{"python3-salt":"3006.0-150100.117.1","salt":"3006.0-150100.117.1","salt-api":"3006.0-150100.117.1","salt-bash-completion":"3006.0-150100.117.1","salt-cloud":"3006.0-150100.117.1","salt-doc":"3006.0-150100.117.1","salt-fish-completion":"3006.0-150100.117.1","salt-master":"3006.0-150100.117.1","salt-minion":"3006.0-150100.117.1","salt-proxy":"3006.0-150100.117.1","salt-ssh":"3006.0-150100.117.1","salt-standalone-formulas-configuration":"3006.0-150100.117.1","salt-syndic":"3006.0-150100.117.1","salt-transactional-update":"3006.0-150100.117.1","salt-zsh-completion":"3006.0-150100.117.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3006.0-150100.117.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-salt":"3006.0-150100.117.1","salt":"3006.0-150100.117.1","salt-api":"3006.0-150100.117.1","salt-bash-completion":"3006.0-150100.117.1","salt-cloud":"3006.0-150100.117.1","salt-doc":"3006.0-150100.117.1","salt-fish-completion":"3006.0-150100.117.1","salt-master":"3006.0-150100.117.1","salt-minion":"3006.0-150100.117.1","salt-proxy":"3006.0-150100.117.1","salt-ssh":"3006.0-150100.117.1","salt-standalone-formulas-configuration":"3006.0-150100.117.1","salt-syndic":"3006.0-150100.117.1","salt-transactional-update":"3006.0-150100.117.1","salt-zsh-completion":"3006.0-150100.117.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP1-LTSS","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3006.0-150100.117.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for salt fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory\n  on the master (bsc#1219430)\n- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file\n  method (bsc#1219431)\n\nBugs fixed:\n\n- Ensure that pillar refresh loads beacons from pillar without restart\n- Fix the aptpkg.py unit test failure\n- Prefer unittest.mock to python-mock in test suite\n- Enable 'KeepAlive' probes for Salt SSH executions (bsc#1211649)\n- Revert changes to set Salt configured user early in the stack (bsc#1216284)\n- Align behavior of some modules when using salt-call via symlink (bsc#1215963)\n- Fix gitfs '__env__' and improve cache cleaning (bsc#1193948)\n- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed\n","id":"SUSE-SU-2024:0506-1","modified":"2024-02-15T13:40:54Z","published":"2024-02-15T13:40:54Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240506-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193948"},{"type":"REPORT","url":"https://bugzilla.suse.com/1211649"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215963"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216284"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219430"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219431"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-22231"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-22232"}],"related":["CVE-2024-22231","CVE-2024-22232"],"summary":"Security update for salt","upstream":["CVE-2024-22231","CVE-2024-22232"]}