Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
patchinfo.18376
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.18376
<patchinfo incident="18376"> <issue tracker="bnc" id="1182740">Retail terminal cannot be deployed because failure in salt cmd execution module</issue> <issue tracker="cve" id="2020-28243"/> <issue tracker="cve" id="2021-3144"/> <issue tracker="cve" id="2021-25283"/> <issue tracker="cve" id="2021-25284"/> <issue tracker="cve" id="2021-25281"/> <issue tracker="cve" id="2021-3148"/> <issue tracker="cve" id="2020-28972"/> <issue tracker="cve" id="2020-35662"/> <issue tracker="cve" id="2021-3197"/> <issue tracker="cve" id="2021-25282"/> <issue tracker="bnc" id="1181559">VUL-0: CVE-2021-25281: salt: API does not honor eAuth credentials for the wheel_async client</issue> <issue tracker="bnc" id="1181556">VUL-0: CVE-2020-28243: salt: possible privilege escalation on a minion when an unprivileged user is able to create files in any non-blacklisted directory</issue> <issue tracker="bnc" id="1181563">VUL-0: CVE-2021-25284: salt: Salt.modules.cmdmod can log credential to the “error” log level</issue> <issue tracker="bnc" id="1181558">VUL-0: CVE-2021-3148: salt: possible command injection when sending crafted web requests to the Salt API via SSH client</issue> <issue tracker="bnc" id="1181565">VUL-0: CVE-2020-35662: salt: certain modules do not always validated SSL certificates</issue> <issue tracker="bnc" id="1181550">VUL-0: salt: February 2021 release</issue> <issue tracker="bnc" id="1181557">VUL-0: CVE-2020-28972: salt: authentication to vCenter, vSphere, and ESXi servers does not always validate the SSL/TLS certificate</issue> <issue tracker="bnc" id="1181560">VUL-0: CVE-2021-25282: salt: salt.wheel.pillar_roots.write method is vulnerable to directory traversal</issue> <issue tracker="bnc" id="1181562">VUL-0: CVE-2021-3144: salt: eauth tokens can be used once after expiration</issue> <issue tracker="bnc" id="1181561">VUL-0: CVE-2021-25283: salt: jinja render does not protect against server-side template injection attacks</issue> <issue tracker="bnc" id="1181564">VUL-0: CVE-2021-3197: salt: Salt-API's SSH client is vulnerable to a shell injection by including ProxyCommand in an argument</issue> <packager>juliogonzalezgil</packager> <rating>critical</rating> <category>security</category> <summary>Security update for salt</summary> <description>This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow extra_filerefs as sanitized kwargs for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for grub.xen path - Xen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when efi=True </description> <zypp_restart_needed/> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor