Adding patchinfo patchinfo.20241009033558691984.90520733218749
This commit is contained in:
parent
5c9a4323c0
commit
7119120693
94
patchinfo.20241009033558691984.90520733218749/_patchinfo
Normal file
94
patchinfo.20241009033558691984.90520733218749/_patchinfo
Normal file
@ -0,0 +1,94 @@
|
||||
<patchinfo>
|
||||
<!-- generated from request(s) 347896, 347897, 347898, 347899, 347900, 347901, 347902, 347903, 347905, 347907 -->
|
||||
<issue tracker="ijsc" id="MSQA-863"/>
|
||||
<issue tracker="bnc" id="1219041">SLE-Micro 5.5 Error message when starting venv-salt-minion: SELinux is preventing su from using the transition access on a process</issue>
|
||||
<issue tracker="bnc" id="1220357">SLE Micro: Different behavior for Salt SSH minions when classic Salt or venv-salt-minion is already installed</issue>
|
||||
<issue tracker="bnc" id="1222842">VUL-0: CVE-2024-3651: python-idna: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()</issue>
|
||||
<issue tracker="bnc" id="1226141">Image inspection fails on built container image with code 2</issue>
|
||||
<issue tracker="bnc" id="1226447">VUL-0: CVE-2024-0397: python,python3,python310,python311,python312,python36,python39: memory race condition in ssl.SSLContext certificate store methods</issue>
|
||||
<issue tracker="bnc" id="1226448">VUL-0: CVE-2024-4032: python,python3,python310,python311,python312,python36,python39: incorrect IPv4 and IPv6 private ranges</issue>
|
||||
<issue tracker="bnc" id="1226469">VUL-0: CVE-2024-37891: python-urllib3: proxy-authorization request header is not stripped during cross-origin redirects</issue>
|
||||
<issue tracker="bnc" id="1227547">VUL-0: CVE-2024-5569: python-zipp: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinit ...</issue>
|
||||
<issue tracker="bnc" id="1228105">VUL-0: CVE-2024-6345: python-setuptools: code execution via download functions in the package_index module in pypa/setuptools</issue>
|
||||
<issue tracker="bnc" id="1228780">VUL-0: CVE-2024-6923: python,python3,python310,python311,python312,python36,python39: CPython : Email header injection due to unquoted newlines</issue>
|
||||
<issue tracker="bnc" id="1229109">python3-salt is missing a 'def...' code for salt-cloud Window</issue>
|
||||
<issue tracker="bnc" id="1229539">venv-salt-minion service fails to start on the minion</issue>
|
||||
<issue tracker="bnc" id="1229654">VUL-0: CVE-2024-37891: venv-salt-minion: python-urllib3: proxy-authorization request header is not stripped during cross-origin redirects</issue>
|
||||
<issue tracker="bnc" id="1229704">VUL-0: CVE-2024-8088: python310,python311,python312,python39: denial of service in zipfile</issue>
|
||||
<issue tracker="bnc" id="1229873">PTF for python CVE-2024-7592</issue>
|
||||
<issue tracker="bnc" id="1229994">VUL-0: CVE-2024-3651: venv-salt-minion: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()</issue>
|
||||
<issue tracker="bnc" id="1229995">VUL-0: CVE-2024-6345: venv-salt-minion: python-setuptools: code execution via download functions in the package_index module in pypa/setuptools</issue>
|
||||
<issue tracker="bnc" id="1229996">VUL-0: CVE-2024-5569: venv-salt-minion: python-zipp: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file</issue>
|
||||
<issue tracker="bnc" id="1230058">VUL-0: CVE-2024-8088: venv-salt-minion: python310,python311,python312,python39: denial of service in zipfile</issue>
|
||||
<issue tracker="bnc" id="1230059">VUL-0: CVE-2024-7592: venv-salt-minion: python, cpython: Uncontrolled CPU resource consumption when in http.cookies module</issue>
|
||||
<issue tracker="bnc" id="1230322">Exceptions with salt reactor</issue>
|
||||
<issue tracker="cve" id="2024-7592"/>
|
||||
<issue tracker="cve" id="2024-8088"/>
|
||||
<issue tracker="cve" id="2024-6923"/>
|
||||
<issue tracker="cve" id="2024-4032"/>
|
||||
<issue tracker="cve" id="2024-0397"/>
|
||||
<issue tracker="cve" id="2024-5569"/>
|
||||
<issue tracker="cve" id="2024-6345"/>
|
||||
<issue tracker="cve" id="2024-3651"/>
|
||||
<issue tracker="cve" id="2024-37891"/>
|
||||
<packager>raulosuna</packager>
|
||||
<rating>important</rating>
|
||||
<category>security</category>
|
||||
<summary>Security update for SUSE Manager Client Tools and Salt Bundle</summary>
|
||||
<description>This update for SUSE Manager Client Tools and Salt Bundle the following issues:
|
||||
|
||||
uyuni-tools:
|
||||
|
||||
venv-salt-minion:
|
||||
|
||||
- Security fixes on Python 3.11 interpreter:
|
||||
|
||||
* CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes
|
||||
(bsc#1229873, bsc#1230059)
|
||||
* CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)
|
||||
* CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)
|
||||
* CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448)
|
||||
* CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the
|
||||
certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447)
|
||||
|
||||
- Security fixes on Python dependencies:
|
||||
|
||||
* CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library (bsc#1227547, bsc#1229996)
|
||||
* CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)
|
||||
* CVE-2024-3651: idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode()
|
||||
(bsc#1222842, bsc#1229994)
|
||||
* CVE-2024-37891: urllib3: Added the ``Proxy-Authorization`` header to the list of headers to strip from requests
|
||||
when redirecting to a different host (bsc#1226469, bsc#1229654)
|
||||
|
||||
- Other bugs fixed:
|
||||
|
||||
* Fixed failing x509 tests with OpenSSL < 1.1
|
||||
* Avoid explicit reading of /etc/salt/minion (bsc#1220357)
|
||||
* Allow NamedLoaderContexts to be returned from loader
|
||||
* Reverted the change making reactor less blocking (bsc#1230322)
|
||||
* Use --cachedir for extension_modules in salt-call (bsc#1226141)
|
||||
* Prevent using SyncWrapper with no reason
|
||||
* Enable post_start_cleanup.sh to work in a transaction
|
||||
* Fixed the SELinux context for Salt Minion service (bsc#1219041)
|
||||
* Increase warn_until_date date for code we still support
|
||||
* Avoid crash on wrong output of systemctl version (bsc#1229539)
|
||||
* Improved error handling with different OpenSSL versions
|
||||
* Fixed cloud Minion configuration for multiple Masters (bsc#1229109)
|
||||
* Use Pygit2 id instead of deprecated oid in gitfs
|
||||
* Added passlib Python module to the bundle
|
||||
</description>
|
||||
<package>saltbundlepy</package>
|
||||
<package>saltbundlepy-cryptography</package>
|
||||
<package>saltbundlepy-docker</package>
|
||||
<package>saltbundlepy-idna</package>
|
||||
<package>saltbundlepy-passlib</package>
|
||||
<package>saltbundlepy-passlib:test</package>
|
||||
<package>saltbundlepy-setuptools</package>
|
||||
<package>saltbundlepy-urllib3</package>
|
||||
<package>saltbundlepy-zipp</package>
|
||||
<package>saltbundlepy:base</package>
|
||||
<package>uyuni-tools</package>
|
||||
<package>venv-salt-minion</package>
|
||||
<seperate_build_arch/>
|
||||
<zypp_restart_needed/>
|
||||
</patchinfo>
|
||||
Loading…
Reference in New Issue
Block a user