{"affected":[{"ecosystem_specific":{"binaries":[{"python311-salt":"3006.0-14.1","salt":"3006.0-14.1","salt-master":"3006.0-14.1","salt-minion":"3006.0-14.1","salt-transactional-update":"3006.0-14.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"salt","purl":"pkg:rpm/suse/salt&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3006.0-14.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update fixes the following issues:\n\nsalt:\n\n- Security issues fixed:\n\n  - CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257)\n  - CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)\n  - Backport security fixes for vendored tornado\n    * BDSA-2024-3438\n    * BDSA-2024-3439\n    * BDSA-2024-9026\n\n- Other changes and bugs fixed:\n\n  - Fixed TLS and x509 modules for OSes with older cryptography module\n  - Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244)\n    * Use external tornado on Python > 3.11\n    * Make tls and x509 use python-cryptography\n    * Remove usage of spwd\n  - Fixed payload signature verification on Tumbleweed (bsc#1251776)\n  - Fixed broken symlink on migration to Leap 16.0 (bsc#1250755)\n  - Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)\n  - Fixed functional.states.test_user for SLES 16 and Micro systems\n  - Fixed the tests failing on AlmaLinux 10 and other clones\n  - Improved SL Micro 6.2 detection with grains\n  - Require Python dependencies only for used Python version\n  - Reverted requirement of M2Crypto >= 0.44.0 for SUSE Family distros\n  - Set python-CherryPy as required for python-salt-testsuite\n\nuyuni-tools:\n\n- Version 0.1.37-0\n\n  * Added --registry-host, --registry-user and --registry-password to pull images from an authenticated registry\n  * Added a lowercase version of --logLevel (bsc#1243611)\n  * Added migration for server monitoring configuration (bsc#1247688)\n  * Added SLE15SP7 to built-in productmap\n  * Adjusted 
traefik exposed configuration for chart v27+ (bsc#1247721)\n  * Automatically get up-to-date systemid file on salt based proxy hosts (bsc#1246789)\n  * Check for restorecon presence before calling (bsc#1246925)\n  * Convert the traefik install time to local time (bsc#1251138)\n  * Deprecated --registry\n  * Do not require backups to be at the same location for restoring (bsc#1246906)\n  * Do not use sudo when running as a root user (bsc#1246882)\n  * Fixed channel override for distro copy\n  * Fixed loading product map from mgradm configuration file (bsc#1246068)\n  * Fixed recomputing proxy images when installing a ptf or test (bsc#1246553)\n  * Handle CA files with symlinks during migration (bsc#1251044)\n  * Migrate custom auto installation snippets (bsc#1246320)\n  * Run smdba and reindex only during migration (bsc#1244534)\n  * Stop executing scripts in temporary folder (bsc#1243704)\n  * Support config: collect podman inspect for hub container (bsc#1245099)\n  * Use new dedicated path for Cobbler settings (bsc#1244027)\n\n- Version 0.1.36-0\n\n  * Bump the default image tag to 5.0.5.1\n\n- Version 0.1.35-0\n\n  * Restore SELinux contexts for restored backup volumes (bsc#1244127)\n\n- Version 0.1.34-0\n\n  * Fixed mgradm backup create handling of images and systemd files (bsc#1246738)\n\n- Version 0.1.33-0\n\n  * Restore volumes using tar instead of podman import (bsc#1244127)\n\n- Version 0.1.32-0\n\n  * Fixed version compare by backport from main (bsc#1246662)\n\nvenv-salt-minion:\n\n- Security issues fixed:\n\n  - CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257)\n  - CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)\n  - Backport security fixes for vendored tornado\n    * BDSA-2024-3438\n    * BDSA-2024-3439\n    * BDSA-2024-9026\n\n- Other changes and bugs fixed:\n\n  - Added `minion_legacy_req_warnings` option to avoid noisy warnings\n  - Fixed TLS and x509 modules for OSes with older cryptography module\n  - Fixed 
Salt for Python > 3.11 (bsc#1252285) (bsc#1252244)\n\n    * Use external tornado on Python > 3.11\n    * Make tls and x509 use python-cryptography\n    * Remove usage of spwd\n\n  - Filter out zero-length check as the empty files are expected there\n  - Filter out env-script-interpreter for ssh-id-wrapper as not used\n    with the Salt Bundle, but present inside the salt module\n  - Fixed functional.states.test_user for SLES 16 and Micro systems\n  - Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)\n  - Fixed payload signature verification on Tumbleweed (bsc#1251776)\n  - Fixed the tests failing on AlmaLinux 10 and other clones\n  - Improve SL Micro 6.2 detection with grains\n  - Removed unused activate script (bsc#1245740)\n  - Use a stricter way to fix shebang in the bundle scripts\n  - Use versioned python interpreter for salt-ssh\n\n","id":"SUSE-SU-2025:21216-1","modified":"2025-12-16T07:20:56Z","published":"2025-12-16T07:20:56Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202521216-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227207"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243611"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243704"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244027"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244127"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244534"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245099"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245740"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246068"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246320"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246553"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246662"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246738"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246789"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246882"},{"type":"REPORT",
"url":"https://bugzilla.suse.com/1246906"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246925"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247688"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247721"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250520"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250755"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251044"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251138"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251776"},{"type":"REPORT","url":"https://bugzilla.suse.com/1252244"},{"type":"REPORT","url":"https://bugzilla.suse.com/1252285"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254256"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254257"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-62348"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-62349"}],"related":["CVE-2025-62348","CVE-2025-62349"],"summary":"Security update 5.0.6 for Multi-Linux Manager Client Tools, Salt and Salt Bundle","upstream":["CVE-2025-62348","CVE-2025-62349"]}