Bug 1185281 (CVE-2021-31607) - VUL-0: CVE-2021-31607: salt: Command injection in the snapper module
Status: RESOLVED FIXED
Alias: CVE-2021-31607
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Major
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/282797/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-31607:7.0:(AV:...
Reported: 2021-04-26 08:04 UTC by Alexander Bergmann
Modified: 2023-03-01 10:18 UTC
Found By: Security Response Team
Description Alexander Bergmann 2021-04-26 08:04:56 UTC
rh#1953065

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1953065
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31607
https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
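
The unsafe-popen pattern named in the description, next to two hardened forms, written as a regression check. This is an added example, not part of the bug report and not Salt's code: the helper names, the `ls` command and the file name are constructed for illustration, and the file name carries only a harmless `echo` marker.

```python
import os
import shlex
import subprocess
import tempfile

MARKER = "INJECTED"
# Constructed file name: its quote ends the quoting added by the unsafe helper.
HOSTILE_NAME = "report'; echo " + MARKER + "; echo '"


def list_unsafe(path):
    """Vulnerable pattern: the path is pasted into a shell command line.

    os.popen(cmd) also runs cmd through the shell, so it behaves the same.
    """
    cmd = "ls -d -- '{}'".format(path)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def list_argv(path):
    """Hardened form: no shell, the path is exactly one argv element."""
    return subprocess.run(
        ["ls", "-d", "--", path], capture_output=True, text=True
    ).stdout


def list_quoted(path):
    """Fallback when a shell cannot be avoided: quote with shlex.quote."""
    cmd = "ls -d -- {}".format(shlex.quote(path))
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_check():
    """Create the constructed file in a scratch directory and run all helpers."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, HOSTILE_NAME)
        open(path, "w").close()
        return {
            "path": path,
            "unsafe": list_unsafe(path),
            "argv": list_argv(path),
            "quoted": list_quoted(path),
        }


if __name__ == "__main__":
    result = run_check()
    # The marker appearing as its own output line means the shell ran it.
    print("unsafe ran marker:", MARKER in result["unsafe"].splitlines())
    print("argv returned path:", result["argv"] == result["path"] + "\n")
    print("quoted returned path:", result["quoted"] == result["path"] + "\n")
```
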
Comment 9 Pablo Suárez Hernández 2021-05-12 11:14:04 UTC
This is now fixed by: https://github.com/openSUSE/salt/commit/299beb056a08ca6171dba56f4fc463a0186718f2

We backported the above fix to all affected Salt versions currently maintained:

- Salt 2016.11.10
- Salt 3000
- Salt 3000.3
- Salt 3002.2

I think this is now done on our side. Setting assignee back to Security.
Comment 13 Swamp Workflow Management 2021-05-21 19:17:34 UTC
SUSE-SU-2021:1693-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1185092,1185281
CVE References: CVE-2021-31607
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2021-05-21 19:20:59 UTC
SUSE-SU-2021:14733-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197
JIRA References: ECO-3212
Sources used:

Comment 15 Swamp Workflow Management 2021-05-21 19:24:19 UTC
SUSE-SU-2021:14734-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197
JIRA References: ECO-3212
Sources used:

Comment 16 Swamp Workflow Management 2021-05-21 19:29:19 UTC
SUSE-SU-2021:1688-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1173692,1185092,1185281
CVE References: CVE-2021-31607
JIRA References: 
Sources used:
SUSE Manager Tools 12-BETA (src):    salt-3000-49.35.1

Comment 17 Swamp Workflow Management 2021-05-21 19:30:38 UTC
SUSE-SU-2021:14732-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1177884,1185178,1185281
CVE References: CVE-2021-31607
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA (src):    mgr-daemon-4.2.7-8.12.1, mgr-osad-4.2.5-8.15.1, salt-2016.11.10-46.18.1, spacecmd-4.2.8-21.24.1, spacewalk-client-tools-4.2.10-30.30.1
SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA (src):    mgr-daemon-4.2.7-8.12.1, mgr-osad-4.2.5-8.15.1, salt-2016.11.10-46.18.1, spacecmd-4.2.8-21.24.1, spacewalk-client-tools-4.2.10-30.30.1

Comment 18 Swamp Workflow Management 2021-05-21 19:34:00 UTC
SUSE-SU-2021:1690-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197
JIRA References: ECO-3212
Sources used:
SUSE Manager Tools 15-BETA (src):    salt-3002.2-8.41.1

Comment 19 Swamp Workflow Management 2021-05-21 19:38:31 UTC
SUSE-SU-2021:1694-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197
JIRA References: ECO-3212
Sources used:

Comment 22 Swamp Workflow Management 2021-06-10 19:16:59 UTC
SUSE-SU-2021:1951-1: An update that solves one vulnerability, contains three features and has one errata is now available.

Category: security (important)
Bug References: 1185281,1186674
CVE References: CVE-2021-31607
JIRA References: ECO-3212,SLE-18028,SLE-18033
Sources used:
SUSE Linux Enterprise Module for Transactional Server 15-SP3 (src):    salt-3002.2-8.41.8.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    salt-3002.2-8.41.8.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    salt-3002.2-8.41.8.1

Comment 25 Swamp Workflow Management 2021-06-21 22:20:53 UTC
SUSE-RU-2021:2099-1: An update that has 38 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1151558,1172711,1175216,1178767,1180673,1180994,1182744,1182954,1183573,1183649,1183845,1183864,1184005,1184286,1184311,1184332,1184351,1184361,1184471,1184475,1184561,1184617,1184849,1184892,1184929,1184940,1185042,1185097,1185281,1185506,1185568,1185965,1186025,1186124,1186346,1186508,1186765,1186858
CVE References: 
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    release-notes-susemanager-4.1.8.1-3.52.1
SUSE Manager Retail Branch Server 4.1 (src):    release-notes-susemanager-proxy-4.1.8-3.35.1
SUSE Manager Proxy 4.1 (src):    release-notes-susemanager-proxy-4.1.8-3.35.1

Comment 26 Swamp Workflow Management 2021-06-21 22:26:17 UTC
SUSE-SU-2021:2098-1: An update that solves two vulnerabilities and has 35 fixes is now available.

Category: security (moderate)
Bug References: 1151558,1172711,1175216,1178767,1180673,1182744,1183573,1183649,1183845,1183864,1184005,1184286,1184311,1184332,1184351,1184361,1184471,1184475,1184561,1184617,1184849,1184892,1184929,1184940,1185042,1185097,1185281,1185506,1185568,1185965,1186025,1186124,1186346,1186508,1186765,1186852,1186858
CVE References: CVE-2021-28657,CVE-2021-31607
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src):    cobbler-3.0.0+git20190806.32c4bae0-5.11.1, golang-github-prometheus-node_exporter-1.1.2-3.6.5, grafana-formula-0.4.1-3.9.2, patterns-suse-manager-4.1-6.9.2, prometheus-exporters-formula-0.9.1-3.22.1, py26-compat-salt-2016.11.10-6.14.2, py27-compat-salt-3000.3-6.3.2, spacewalk-admin-4.1.9-3.12.2, spacewalk-backend-4.1.25-4.32.6, spacewalk-branding-4.1.12-3.12.2, spacewalk-certs-tools-4.1.17-3.17.2, spacewalk-java-4.1.36-3.44.1, spacewalk-utils-4.1.16-3.18.2, spacewalk-web-4.1.26-3.24.8, susemanager-4.1.26-3.25.1, susemanager-build-keys-15.2.4-3.17.1, susemanager-doc-indexes-4.1-11.34.8, susemanager-docs_en-4.1-11.34.2, susemanager-schema-4.1.21-3.30.6, susemanager-sls-4.1.28-3.42.1, susemanager-sync-data-4.1.14-3.23.2, tika-core-1.26-3.5.2, uyuni-common-libs-4.1.8-3.9.1

Comment 27 Swamp Workflow Management 2021-06-21 22:36:37 UTC
SUSE-RU-2021:2115-1: An update that has 19 recommended fixes can now be installed.

Category: recommended (important)
Bug References: 1172711,1182817,1184005,1184283,1184311,1184332,1184361,1184471,1184475,1184561,1184617,1184861,1184892,1185097,1185281,1185506,1186124,1186346,1186508
CVE References: 
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    release-notes-susemanager-4.0.14-3.74.1
SUSE Manager Retail Branch Server 4.0 (src):    release-notes-susemanager-proxy-4.0.14-0.16.58.1
SUSE Manager Proxy 4.0 (src):    release-notes-susemanager-proxy-4.0.14-0.16.58.1

Comment 28 Swamp Workflow Management 2021-06-21 22:39:09 UTC
SUSE-SU-2021:2104-1: An update that solves two vulnerabilities, contains three features and has 8 fixes is now available.

Category: security (critical)
Bug References: 1171257,1176293,1179831,1181368,1182281,1182293,1182382,1185092,1185281,1186674
CVE References: CVE-2021-25315,CVE-2021-31607
JIRA References: ECO-3212,SLE-18028,SLE-18033
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    salt-3002.2-8.41.8.1
SUSE Linux Enterprise Server 15-LTSS (src):    salt-3002.2-8.41.8.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    salt-3002.2-8.41.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    salt-3002.2-8.41.8.1

Comment 29 Swamp Workflow Management 2021-06-21 22:41:54 UTC
SUSE-SU-2021:2111-1: An update that solves two vulnerabilities, contains three features and has 12 fixes is now available.

Category: security (moderate)
Bug References: 1171257,1173557,1176293,1179831,1180583,1180584,1180585,1181368,1182281,1182293,1182382,1185092,1185281,1186674
CVE References: CVE-2021-25315,CVE-2021-31607
JIRA References: ECO-3212,SLE-18028,SLE-18033
Sources used:

Comment 30 Swamp Workflow Management 2021-06-21 22:44:16 UTC
SUSE-SU-2021:2105-1: An update that solves 7 vulnerabilities, contains three features and has three fixes is now available.

Category: security (critical)
Bug References: 1171257,1176293,1179831,1181368,1182281,1182293,1182382,1185092,1185281,1186674
CVE References: CVE-2018-15750,CVE-2018-15751,CVE-2020-11651,CVE-2020-11652,CVE-2020-25592,CVE-2021-25315,CVE-2021-31607
JIRA References: ECO-3212,SLE-18028,SLE-18033
Sources used:
SUSE Manager Server 4.0 (src):    salt-3002.2-37.1
SUSE Manager Retail Branch Server 4.0 (src):    salt-3002.2-37.1
SUSE Manager Proxy 4.0 (src):    salt-3002.2-37.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    salt-3002.2-37.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    salt-3002.2-37.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    salt-3002.2-37.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    salt-3002.2-37.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    salt-3002.2-37.1
SUSE Enterprise Storage 6 (src):    salt-3002.2-37.1
SUSE CaaS Platform 4.0 (src):    salt-3002.2-37.1

Comment 31 Swamp Workflow Management 2021-06-21 22:46:03 UTC
SUSE-SU-2021:2102-1: An update that solves one vulnerability and has 5 fixes is now available.

Category: security (important)
Bug References: 1173692,1179831,1181368,1182281,1185092,1185281
CVE References: CVE-2021-31607
JIRA References: 
Sources used:
SUSE Manager Tools 12 (src):    salt-3000-46.142.2
SUSE Linux Enterprise Module for Advanced Systems Management 12 (src):    salt-3000-46.142.2

Comment 32 Swamp Workflow Management 2021-06-21 22:49:01 UTC
SUSE-SU-2021:2110-1: An update that solves one vulnerability and has 8 fixes is now available.

Category: security (moderate)
Bug References: 1173557,1179831,1180583,1180584,1180585,1181368,1182281,1185092,1185281
CVE References: CVE-2021-31607
JIRA References: 
Sources used:

Comment 33 Swamp Workflow Management 2021-06-21 22:51:00 UTC
SUSE-SU-2021:14753-1: An update that solves one vulnerability and has 7 fixes is now available.

Category: security (important)
Bug References: 1173557,1177884,1177928,1180583,1180584,1180585,1185178,1185281
CVE References: CVE-2021-31607
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (src):    golang-github-wrouesnel-postgres_exporter-0.4.7-5.12.1, mgr-cfg-4.2.2-5.15.2, mgr-custom-info-4.2.1-5.9.2, mgr-daemon-4.2.7-5.26.1, mgr-osad-4.2.5-5.27.2, mgr-push-4.2.2-5.9.2, mgr-virtualization-4.2.1-5.17.3, rhnlib-4.2.3-12.31.1, salt-2016.11.10-43.75.1, spacecmd-4.2.8-18.84.1, spacewalk-client-tools-4.2.10-27.50.1, spacewalk-koan-4.2.3-9.21.1, spacewalk-oscap-4.2.1-6.15.3, spacewalk-remote-utils-4.2.1-6.18.2, supportutils-plugin-susemanager-client-4.2.2-9.21.1, suseRegisterInfo-4.2.3-6.15.1, uyuni-common-libs-4.2.3-5.12.1
SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (src):    golang-github-wrouesnel-postgres_exporter-0.4.7-5.12.1, mgr-cfg-4.2.2-5.15.2, mgr-custom-info-4.2.1-5.9.2, mgr-daemon-4.2.7-5.26.1, mgr-osad-4.2.5-5.27.2, mgr-push-4.2.2-5.9.2, mgr-virtualization-4.2.1-5.17.3, rhnlib-4.2.3-12.31.1, salt-2016.11.10-43.75.1, spacecmd-4.2.8-18.84.1, spacewalk-client-tools-4.2.10-27.50.1, spacewalk-koan-4.2.3-9.21.1, spacewalk-oscap-4.2.1-6.15.3, spacewalk-remote-utils-4.2.1-6.18.2, supportutils-plugin-susemanager-client-4.2.2-9.21.1, suseRegisterInfo-4.2.3-6.15.1, uyuni-common-libs-4.2.3-5.12.1

Comment 34 Swamp Workflow Management 2021-06-21 22:55:29 UTC
SUSE-SU-2021:14756-1: An update that solves two vulnerabilities, contains three features and has 12 fixes is now available.

Category: security (moderate)
Bug References: 1171257,1173557,1176293,1179831,1180583,1180584,1180585,1181368,1182281,1182293,1182382,1185092,1185281,1186674
CVE References: CVE-2021-25315,CVE-2021-31607
JIRA References: ECO-3212,SLE-18028,SLE-18033
Sources used:

Comment 35 Swamp Workflow Management 2021-06-21 22:59:36 UTC
SUSE-SU-2021:2114-1: An update that solves two vulnerabilities and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1172711,1182817,1184005,1184283,1184311,1184332,1184361,1184471,1184475,1184561,1184617,1184861,1184892,1185097,1185281,1185506,1186124,1186346,1186508
CVE References: CVE-2021-28657,CVE-2021-31607
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (src):    cobbler-3.0.0+git20190806.32c4bae0-7.22.3, grafana-formula-0.2.3-4.16.3, patterns-suse-manager-4.0-9.19.3, prometheus-exporters-formula-0.7.6-3.19.3, pxe-default-image-sle15-4.0.1-20210621145802, py26-compat-salt-2016.11.10-10.28.3, py27-compat-salt-3000.3-4.3.3, spacewalk-backend-4.0.38-3.47.4, spacewalk-java-4.0.44-3.57.5, spacewalk-utils-4.0.21-3.30.3, spacewalk-web-4.0.28-3.45.1, susemanager-4.0.34-3.52.3, susemanager-doc-indexes-4.0-10.36.4, susemanager-docs_en-4.0-10.36.3, susemanager-sls-4.0.35-3.48.3, tika-core-1.26-3.6.3

Comment 36 Swamp Workflow Management 2021-06-21 23:02:27 UTC
SUSE-SU-2021:2106-1: An update that solves 7 vulnerabilities, contains three features and has three fixes is now available.

Category: security (critical)
Bug References: 1171257,1176293,1179831,1181368,1182281,1182293,1182382,1185092,1185281,1186674
CVE References: CVE-2018-15750,CVE-2018-15751,CVE-2020-11651,CVE-2020-11652,CVE-2020-25592,CVE-2021-25315,CVE-2021-31607
JIRA References: ECO-3212,SLE-18028,SLE-18033
Sources used:
SUSE MicroOS 5.0 (src):    python-distro-1.5.0-3.5.1, salt-3002.2-37.1
SUSE Linux Enterprise Module for Transactional Server 15-SP2 (src):    salt-3002.2-37.1
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    salt-3002.2-37.1
SUSE Linux Enterprise Module for Python2 15-SP3 (src):    python-distro-1.5.0-3.5.1
SUSE Linux Enterprise Module for Python2 15-SP2 (src):    python-distro-1.5.0-3.5.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    python-distro-1.5.0-3.5.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    python-distro-1.5.0-3.5.1, salt-3002.2-37.1

Comment 37 Swamp Workflow Management 2021-06-21 23:05:12 UTC
SUSE-SU-2021:14755-1: An update that solves two vulnerabilities, contains three features and has 12 fixes is now available.

Category: security (moderate)
Bug References: 1171257,1173557,1176293,1179831,1180583,1180584,1180585,1181368,1182281,1182293,1182382,1185092,1185281,1186674
CVE References: CVE-2021-25315,CVE-2021-31607
JIRA References: ECO-3212,SLE-18028,SLE-18033
Sources used:

Comment 38 Swamp Workflow Management 2021-06-23 16:27:23 UTC
openSUSE-SU-2021:0899-1: An update that solves 7 vulnerabilities, contains three features and has three fixes is now available.

Category: security (critical)
Bug References: 1171257,1176293,1179831,1181368,1182281,1182293,1182382,1185092,1185281,1186674
CVE References: CVE-2018-15750,CVE-2018-15751,CVE-2020-11651,CVE-2020-11652,CVE-2020-25592,CVE-2021-25315,CVE-2021-31607
JIRA References: ECO-3212,SLE-18028,SLE-18033
Sources used:
openSUSE Leap 15.2 (src):    salt-3002.2-lp152.3.36.1
Comment 39 Swamp Workflow Management 2021-07-11 14:10:42 UTC
openSUSE-SU-2021:1951-1: An update that solves one vulnerability, contains three features and has one errata is now available.

Category: security (important)
Bug References: 1185281,1186674
CVE References: CVE-2021-31607
JIRA References: ECO-3212,SLE-18028,SLE-18033
Sources used:
openSUSE Leap 15.3 (src):    salt-3002.2-8.41.8.1
Comment 40 Swamp Workflow Management 2021-07-11 17:43:38 UTC
openSUSE-SU-2021:2106-1: An update that solves 7 vulnerabilities, contains three features and has three fixes is now available.

Category: security (critical)
Bug References: 1171257,1176293,1179831,1181368,1182281,1182293,1182382,1185092,1185281,1186674
CVE References: CVE-2018-15750,CVE-2018-15751,CVE-2020-11651,CVE-2020-11652,CVE-2020-25592,CVE-2021-25315,CVE-2021-31607
JIRA References: ECO-3212,SLE-18028,SLE-18033
Sources used:
openSUSE Leap 15.3 (src):    python-distro-1.5.0-3.5.1
Comment 41 Gabriele Sonnu 2022-04-14 15:27:23 UTC
Done.