SUSE-SU-2024:0506-1 -- SLES salt, python3-saltID: oval:org.secpod.oval:def:89051470 | Date: (C)2024-04-26 (M)2024-04-26 |
Class: PATCH | Family: unix |
This update for salt fixes the following issues: Security issues fixed: * CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master * CVE-2024-22232: Prevent directory traversal attacks in the master"s serve_file method Bugs fixed: * Ensure that pillar refresh loads beacons from pillar without restart * Fix the aptpkg.py unit test failure * Prefer unittest.mock to python-mock in test suite * Enable "KeepAlive" probes for Salt SSH executions * Revert changes to set Salt configured user early in the stack * Align behavior of some modules when using salt-call via symlink * Fix gitfs " **env** " and improve cache cleaning * Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed ## Special Instructions and Notes:
Platform: |
SUSE Linux Enterprise Server 15 SP1 |