SUSE-SU-2023:3865-1 -- SLES salt, python3-saltID: oval:org.secpod.oval:def:89049653 | Date: (C)2023-12-07 (M)2024-01-03 |
Class: PATCH | Family: unix |
This update for salt fixes the following issues: Security issues fixed: * CVE-2023-20897: Fixed DOS in minion return. * CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. Bugs fixed: * Create minion_id with reproducible mtime * Fix broken tests to make them running in the testsuite * Fix detection of Salt codename by "salt_version" execution module * Fix inconsistency in reported version by egg-info metadata * Fix regression: multiple values for keyword argument "saltenv" * Fix the regression of user.present state when group is unset * Fix utf8 handling in "pass" renderer and make it more robust * Fix zypper repositories always being reconfigured * Make sure configured user is properly set by Salt * Prevent possible exceptions on salt.utils.user.get_group_dict * Revert usage of long running REQ channel to prevent possible missing responses on requests and duplicated responses ## Special Instructions and Notes:
Platform: |
SUSE Linux Enterprise Server 15 SP2 |