SUSE-SU-2023:4390-1 -- SLES salt, python3-saltID: oval:org.secpod.oval:def:89051086 | Date: (C)2024-01-23 (M)2024-01-23 |
Class: PATCH | Family: unix |
This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * Fix calculation of SLS context vars when trailing dots on targetted sls/state * Rename salt-tests to python3-salt-testsuite * CVE-2023-34049: arbitrary code execution via symlink attack * Allow all primitive grain types for autosign_grains ## Special Instructions and Notes:
Platform: |
SUSE Linux Enterprise Server 15 SP1 |