SLE-Micro 5.5 Error message when starting venv-salt-minion: SELinux is preventing su from using the transition access on a process
SLE Micro: Different behavior for Salt SSH minions when classic Salt or venv-salt-minion is already installed
VUL-0: CVE-2024-3651: python-idna: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
Image inspection fails on built container image with code 2
VUL-0: CVE-2024-0397: python,python3,python310,python311,python312,python36,python39: memory race condition in ssl.SSLContext certificate store methods
VUL-0: CVE-2024-4032: python,python3,python310,python311,python312,python36,python39: incorrect IPv4 and IPv6 private ranges
VUL-0: CVE-2024-37891: python-urllib3: proxy-authorization request header is not stripped during cross-origin redirects
VUL-0: CVE-2024-5569: python-zipp: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinit ...
VUL-0: CVE-2024-6345: python-setuptools: code execution via download functions in the package_index module in pypa/setuptools
VUL-0: CVE-2024-6923: python,python3,python310,python311,python312,python36,python39: CPython : Email header injection due to unquoted newlines
python3-salt is missing a 'def...' code for salt-cloud Window
venv-salt-minion service fails to start on the minion
VUL-0: CVE-2024-37891: venv-salt-minion: python-urllib3: proxy-authorization request header is not stripped during cross-origin redirects
VUL-0: CVE-2024-8088: python310,python311,python312,python39: denial of service in zipfile
PTF for python CVE-2024-7592
VUL-0: CVE-2024-3651: venv-salt-minion: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
VUL-0: CVE-2024-6345: venv-salt-minion: python-setuptools: code execution via download functions in the package_index module in pypa/setuptools
VUL-0: CVE-2024-5569: venv-salt-minion: python-zipp: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file
VUL-0: CVE-2024-8088: venv-salt-minion: python310,python311,python312,python39: denial of service in zipfile
VUL-0: CVE-2024-7592: venv-salt-minion: python, cpython: Uncontrolled CPU resource consumption when in http.cookies module
Exceptions with salt reactor
raulosuna
important
security
Security update for SUSE Manager Client Tools and Salt Bundle
This update for SUSE Manager Client Tools and Salt Bundle fixes the following issues:
uyuni-tools:
venv-salt-minion:
- Security fixes on Python 3.11 interpreter:
* CVE-2024-7592: Fixed quadratic complexity in parsing "-quoted cookie values with backslashes (bsc#1229873, bsc#1230059)
* CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)
* CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)
* CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448)
* CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447)
- Security fixes on Python dependencies:
* CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library (bsc#1227547, bsc#1229996)
* CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)
* CVE-2024-3651: idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842, bsc#1229994)
* CVE-2024-37891: urllib3: Added the ``Proxy-Authorization`` header to the list of headers to strip from requests when redirecting to a different host (bsc#1226469, bsc#1229654)
- Other bugs fixed:
* Fixed failing x509 tests with OpenSSL < 1.1
* Avoid explicit reading of /etc/salt/minion (bsc#1220357)
* Allow NamedLoaderContexts to be returned from loader
* Reverted the change making reactor less blocking (bsc#1230322)
* Use --cachedir for extension_modules in salt-call (bsc#1226141)
* Prevent using SyncWrapper with no reason
* Enable post_start_cleanup.sh to work in a transaction
* Fixed the SELinux context for Salt Minion service (bsc#1219041)
* Increase warn_until_date date for code we still support
* Avoid crash on wrong output of systemctl version (bsc#1229539)
* Improved error handling with different OpenSSL versions
* Fixed cloud Minion configuration for multiple Masters (bsc#1229109)
* Use Pygit2 id instead of deprecated oid in gitfs
* Added passlib Python module to the bundle
saltbundlepy
saltbundlepy-cryptography
saltbundlepy-docker
saltbundlepy-idna
saltbundlepy-passlib
saltbundlepy-passlib:test
saltbundlepy-setuptools
saltbundlepy-urllib3
saltbundlepy-zipp
saltbundlepy:base
uyuni-tools
venv-salt-minion