{"affected":[{"ecosystem_specific":{"binaries":[{"python3-salt":"3002.2-150300.53.10.1","salt":"3002.2-150300.53.10.1","salt-api":"3002.2-150300.53.10.1","salt-bash-completion":"3002.2-150300.53.10.1","salt-cloud":"3002.2-150300.53.10.1","salt-doc":"3002.2-150300.53.10.1","salt-fish-completion":"3002.2-150300.53.10.1","salt-master":"3002.2-150300.53.10.1","salt-minion":"3002.2-150300.53.10.1","salt-proxy":"3002.2-150300.53.10.1","salt-ssh":"3002.2-150300.53.10.1","salt-standalone-formulas-configuration":"3002.2-150300.53.10.1","salt-syndic":"3002.2-150300.53.10.1","salt-transactional-update":"3002.2-150300.53.10.1","salt-zsh-completion":"3002.2-150300.53.10.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"salt","purl":"pkg:rpm/opensuse/salt&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3002.2-150300.53.10.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for salt fixes the following issues:\n\n- CVE-2022-22935: Sign authentication replies to prevent MiTM (bsc#1197417)\n- CVE-2022-22934: Sign pillar data to prevent MiTM attacks. (bsc#1197417)\n- CVE-2022-22936: Prevent job and fileserver replays (bsc#1197417)\n- CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. (bsc#1197417)\n","id":"openSUSE-SU-2022:1059-1","modified":"2022-03-30T15:33:09Z","published":"2022-03-30T15:33:09Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M6VBWD2MJTOPNB6DMK7CF6TQJ4N7ZFUD/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197417"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22934"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22935"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22936"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22941"}],"related":["CVE-2022-22934","CVE-2022-22935","CVE-2022-22936","CVE-2022-22941"],"summary":"Security update for salt","upstream":["CVE-2022-22934","CVE-2022-22935","CVE-2022-22936","CVE-2022-22941"]}