- SLE-Micro 5.5 Error message when starting venv-salt-minion: SELinux is preventing su from using the transition access on a process
- SLE Micro: Different behavior for Salt SSH minions when classic Salt or venv-salt-minion is already installed
- VUL-0: CVE-2024-3651: python-idna: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
- Image inspection fails on built container image with code 2
- VUL-0: CVE-2024-0397: python,python3,python310,python311,python312,python36,python39: memory race condition in ssl.SSLContext certificate store methods
- VUL-0: CVE-2024-4032: python,python3,python310,python311,python312,python36,python39: incorrect IPv4 and IPv6 private ranges
- VUL-0: CVE-2024-37891: python-urllib3: proxy-authorization request header is not stripped during cross-origin redirects
- VUL-0: CVE-2024-5569: python-zipp: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinit ...
- VUL-0: CVE-2024-6345: python-setuptools: code execution via download functions in the package_index module in pypa/setuptools
- VUL-0: CVE-2024-6923: python,python3,python310,python311,python312,python36,python39: CPython : Email header injection due to unquoted newlines
- python3-salt is missing a 'def...' code for salt-cloud
- Window venv-salt-minion service fails to start on the minion
- VUL-0: CVE-2024-37891: venv-salt-minion: python-urllib3: proxy-authorization request header is not stripped during cross-origin redirects
- VUL-0: CVE-2024-8088: python310,python311,python312,python39: denial of service in zipfile
- PTF for python CVE-2024-7592
- VUL-0: CVE-2024-3651: venv-salt-minion: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
- VUL-0: CVE-2024-6345: venv-salt-minion: python-setuptools: code execution via download functions in the package_index module in pypa/setuptools
- VUL-0: CVE-2024-5569: venv-salt-minion: python-zipp: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file
- VUL-0: CVE-2024-8088: venv-salt-minion: python310,python311,python312,python39: denial of service in zipfile
- VUL-0: CVE-2024-7592: venv-salt-minion: python, cpython: Uncontrolled CPU resource consumption when in http.cookies module
- Exceptions with salt reactor
- L3: System List screen status icon is not updating accurately if "reboot required" flag is present.
- VUL-0: CVE-2024-22037: SUMA: Database password leaked by systemd uyuni-server-attestation service
- Redacting JSESSIONID and pxt-session-cookie from the installation log
- L3: manual execution of zypper commands is not indicated in Events -> History on 15SP6 clients

deneb_alpha
important
security

Security update for SUSE Manager Client Tools and Salt Bundle

This update for SUSE Manager Client Tools and Salt Bundle fixes the following issues:

uyuni-tools:

- Security issues fixed:
  * Version 0.1.24-0
    * CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497)
- Other bugs fixed:
  * Version 0.1.24-0
    * Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568)

venv-salt-minion:

- Security fixes on Python 3.11 interpreter:
  * CVE-2024-7592: Fixed quadratic complexity in parsing "-quoted cookie values with backslashes (bsc#1229873, bsc#1230059)
  * CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)
  * CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)
  * CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448)
  * CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447)
- Security fixes on Python dependencies:
  * CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library (bsc#1227547, bsc#1229996)
  * CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)
  * CVE-2024-3651: idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842, bsc#1229994)
  * CVE-2024-37891: urllib3: Added the ``Proxy-Authorization`` header to the list of headers to strip from requests when redirecting to a different host (bsc#1226469, bsc#1229654)
- Other bugs fixed:
  * Added passlib Python module to the bundle
  * Allow NamedLoaderContexts to be returned from loader
  * Avoid crash on wrong output of systemctl version (bsc#1229539)
  * Avoid explicit reading of /etc/salt/minion (bsc#1220357)
  * Enable post_start_cleanup.sh to work in a transaction
  * Fixed cloud Minion configuration for multiple Masters (bsc#1229109)
  * Fixed failing x509 tests with OpenSSL < 1.1
  * Fixed the SELinux context for Salt Minion service (bsc#1219041)
  * Fixed zyppnotify plugin after latest zypp/libzypp upgrades (bsc#1231697, bsc#1231045)
  * Improved error handling with different OpenSSL versions
  * Increase warn_until_date date for code we still support
  * Prevent using SyncWrapper with no reason
  * Reverted the change making reactor less blocking (bsc#1230322)
  * Use --cachedir for extension_modules in salt-call (bsc#1226141)
  * Use Pygit2 id instead of deprecated oid in gitfs

- saltbundlepy
- saltbundlepy-cryptography
- saltbundlepy-docker
- saltbundlepy-idna
- saltbundlepy-passlib
- saltbundlepy-passlib:test
- saltbundlepy-setuptools
- saltbundlepy-urllib3
- saltbundlepy-zipp
- saltbundlepy-zypp-plugin
- saltbundlepy:base
- uyuni-tools
- venv-salt-minion
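
The uyuni-tools fix for bsc#1231568 redacts JSESSIONID and pxt-session-cookie values from logs and console output. The following is an added example, not uyuni-tools code: it audits log lines written before the update for session values that are still present and masks them. The regular expression, the `<REDACTED>` marker and the sample log lines are assumptions constructed for illustration.

```python
import re

# Cookie names the advisory lists as redacted from logs and console output.
SENSITIVE = ("JSESSIONID", "pxt-session-cookie")
MARKER = "<REDACTED>"  # assumed marker, not the string uyuni-tools prints

# name, optional closing quote (JSON key), '=' or ':', optional opening quote,
# then the value up to the next delimiter; a quoted value must close its quote.
_PATTERN = re.compile(
    r"(?P<name>" + "|".join(re.escape(n) for n in SENSITIVE) + r")"
    r"(?P<sep>[\"']?\s*[=:]\s*)(?P<quote>[\"']?)"
    r"(?P<value>[^\s;,\"'&]+)(?P=quote)",
    re.IGNORECASE,
)


def redact(line):
    """Return line with every sensitive cookie value replaced by MARKER."""
    return _PATTERN.sub(
        lambda m: m["name"] + m["sep"] + m["quote"] + MARKER + m["quote"], line
    )


def find_leaks(lines):
    """Return (line_number, cookie_name) for each value not yet redacted."""
    return [
        (number, m["name"])
        for number, line in enumerate(lines, 1)
        for m in _PATTERN.finditer(line)
        if m["value"] != MARKER
    ]


# Constructed sample log lines; the session values are made up.
SAMPLE_LOG = [
    'DEBUG GET /rhn/manager/api -H "Cookie: JSESSIONID=0A1B2C3D4E5F; pxt-session-cookie=42x9f8e7d6"',
    '{"level":"debug","JSESSIONID": "9F8E7D6C5B4A"}',
    "INFO installation finished",
]

if __name__ == "__main__":
    print(find_leaks(SAMPLE_LOG))
    for entry in SAMPLE_LOG:
        print(redact(entry))
```

Session values found by `find_leaks` in retained logs should be treated as exposed: masking the file does not invalidate a session that is still live.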