Bug 1197417 - (CVE-2022-22934) VUL-0: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941: salt: 3002.8,3004.1 release
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Security Team bot
https://smash.suse.de/issue/326993/
CVSSv3.1:SUSE:CVE-2020-22934:8.1:(AV:...
Reported: 2022-03-23 08:17 UTC by Marcus Meissner
Modified: 2022-11-17 16:12 UTC (History)
rfrohl: SHIP_STOPPER?


Attachments
0001-3002.8-CVE-release.patch (212.18 KB, patch)
2022-03-23 08:18 UTC, Marcus Meissner
0001-3004.1-CVE-release.patch (129.64 KB, patch)
2022-03-23 08:18 UTC, Marcus Meissner
TID draft (123.56 KB, image/png)
2022-03-28 13:11 UTC, Raúl Osuna

Comment 2 Marcus Meissner 2022-03-23 08:18:22 UTC
Created attachment 857281 [details]
0001-3002.8-CVE-release.patch

0001-3002.8-CVE-release.patch
Comment 3 Marcus Meissner 2022-03-23 08:18:34 UTC
Created attachment 857282 [details]
0001-3004.1-CVE-release.patch

0001-3004.1-CVE-release.patch
Comment 4 Marcus Meissner 2022-03-23 08:20:17 UTC
CRD: 2022-03-28
Comment 14 Julio González Gil 2022-03-28 14:19:11 UTC
@Robert, submission for Debian9 as well.

Neither the maintainers nor myself remembered that Debian9 uses Salt 3000 as well, same as SLE12 and RES7:

https://build.suse.de/request/show/268504
Comment 21 Pablo Suárez Hernández 2022-03-28 14:49:22 UTC
(In reply to Raúl Osuna from comment #18)
> Created attachment 857437 [details]
> TID draft v2
> 
> Sending a new amended version for review, please validate in order to
> proceed further with other needed validations within Support.

- I think we should mention all SUSE SLE15 family (SLE Micro included) and not only SLES15.

- (at the end of "situation"): You mentioned that the salt minion service refused to start. This is not true. The service is started and running but is not able to authenticate with the master.

- (in "resolution"): The salt master service does not need to be restarted after upgrading, it is automatically restarted.

- (in "resolution"): we do not need to restart the salt minion service when the salt master is upgraded.

After fixing the above issues I would double check the whole "resolution" part to see if it is consistent now, maybe we need to reword it after adding the fixes.

Thanks in advance!
Comment 25 Marcus Meissner 2022-03-29 06:55:20 UTC
It should all be 2022 CVEs.

CVE-2022-22934
CVE-2022-22935
CVE-2022-22936
CVE-2022-22941
Comment 29 Robert Frohl 2022-03-29 15:21:40 UTC
public via [0]:


Salt Security Advisory Release

The Salt Project released a security update to Salt to address 4 vulnerabilities with a severity rating of Medium to High. We strongly recommend prioritizing this update. This is a security advisory release.

The following CVEs were fixed as part of this release:
CVE Details

 

CVE-2022-22934

    Description: Salt Masters do not sign pillar data with the minion’s public key.
    Impact: Attackers can substitute arbitrary pillar data.
    Solution: Salt masters include the minion’s id in pillar data responses and then sign the response with the master’s private key. Minions also include a nonce in pillar requests so pillar replies cannot be re-played.
    How to Mitigate:
        Upgrade to 3002.8, 3003.4, or 3004.1
        NOTE: When upgrading your Salt infrastructure, first upgrade your Salt master packages before upgrading your Salt minion packages. Upgrading the minion packages first could result in loss of functionality.
    Attribution: Lenka Mareková <lenka@cloudflare.com>
    Severity Rating: 7.5 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

 

CVE-2022-22935

    Description: Minion authentication denial of service.
    Impact: A MiTM attacker can force a minion process to stop by impersonating a master.
    Solution: Minions include a nonce in their authentication requests and masters include the nonce in a reply signed with the master’s private key.
    How to Mitigate:
        Upgrade to 3002.8, 3003.4, or 3004.1.
        Pre-seed the master’s public key on minions.
        NOTE: When upgrading your Salt infrastructure, first upgrade your Salt master packages before upgrading your Salt minion packages. Upgrading the minion packages first could result in loss of functionality.
    Attribution: Lenka Mareková <lenka@cloudflare.com>
    Severity Rating: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

 

CVE-2022-22936

    Description: Job publishes and file server replies are susceptible to replay attacks.
    Impact: An attacker can re-play job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficiently crafty attacker could gain root access on a minion under certain scenarios.
    Solution: Minions include a nonce in their file server requests. Masters include the nonce in their replies and sign them with the master’s private key.
    How to Mitigate:
        Upgrade to 3002.8, 3003.4, or 3004.1
        NOTE: When upgrading your Salt infrastructure, first upgrade your Salt master packages before upgrading your Salt minion packages. Upgrading the minion packages first could result in loss of functionality.
    Attribution: Lenka Mareková <lenka@cloudflare.com>
    Severity Rating: 7.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

 

CVE-2022-22941

    Impact: This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.
    Description: When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands.
    Solution: The code has been modified to correctly treat an empty list of targets as completely invalid, and the user will correctly be given an error message. How to Mitigate: Upgrade the Salt Master-of-Masters to the latest version of salt software.
    How to mitigate:
        Upgrade the Salt Master-of-Masters to 3002.8, 3003.4 or 3004.1
        NOTE: When upgrading your Salt infrastructure, first upgrade your Salt master packages before upgrading your Salt minion packages. Upgrading the minion packages first could result in loss of functionality.
    Attribution: https://github.com/bzukdatto
    Severity Rating: 7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)


[0] https://saltproject.io/security_announcements/salt-security-advisory-release/
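
The nonce-and-signature scheme the advisory describes for CVE-2022-22934, sketched as an added example; this is not Salt's code and not part of the original comment. `Minion`, `master_reply` and the message layout are hypothetical, and the signature is textbook RSA over SHA-256 with a constructed key, swapped in only so the block runs with the standard library.

```python
import hashlib
import hmac
import json
import secrets

# Constructed toy key made from two Mersenne primes. Unpadded textbook RSA is
# NOT secure; it stands in here for "signed with the master's private key".
_P, _Q = 2**521 - 1, 2**607 - 1
MASTER_N = _P * _Q                     # public modulus (known to minions)
MASTER_E = 65537                       # public exponent
_MASTER_D = pow(MASTER_E, -1, (_P - 1) * (_Q - 1))  # private, master only


def _canonical(body: dict) -> bytes:
    """Stable byte encoding so both sides hash exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _digest_int(payload: bytes) -> int:
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")


def master_reply(request: dict, pillar: dict) -> dict:
    """Master: bind minion id and nonce into the body, then sign the body."""
    body = {"id": request["id"], "nonce": request["nonce"], "pillar": pillar}
    sig = pow(_digest_int(_canonical(body)), _MASTER_D, MASTER_N)
    return {"body": body, "sig": sig}


class Minion:
    def __init__(self, minion_id: str):
        self.minion_id = minion_id
        self._pending = None           # nonce of the request in flight

    def make_request(self) -> dict:
        self._pending = secrets.token_hex(16)
        return {"id": self.minion_id, "nonce": self._pending}

    def accept(self, reply: dict) -> dict:
        """Return the pillar, or raise ValueError naming the failed check."""
        body, sig = reply["body"], reply["sig"]
        # 1. The reply must carry the master's signature over the whole body.
        if pow(sig, MASTER_E, MASTER_N) != _digest_int(_canonical(body)):
            raise ValueError("bad signature")
        # 2. A validly signed reply for another minion must not be accepted.
        if body["id"] != self.minion_id:
            raise ValueError("reply addressed to another minion")
        # 3. The nonce must match the request in flight (replay protection).
        if self._pending is None or not hmac.compare_digest(
            body["nonce"], self._pending
        ):
            raise ValueError("stale or unexpected nonce")
        self._pending = None           # a nonce is good for one reply only
        return body["pillar"]


def outcome(minion: Minion, reply: dict) -> str:
    try:
        minion.accept(reply)
        return "accepted"
    except ValueError as exc:
        return str(exc)


def demo() -> dict:
    """Run the four cases on constructed sample data and report each result."""
    results = {}
    web = Minion("web1")

    first = master_reply(web.make_request(), {"role": "web"})
    results["fresh"] = outcome(web, first)

    # The same signed reply delivered again in answer to a later request.
    req2 = web.make_request()
    results["replayed"] = outcome(web, first)

    # A genuine, signed reply that was produced for a different minion.
    db = Minion("db1")
    results["other_minion"] = outcome(web, master_reply(db.make_request(), {"role": "db"}))

    # Pillar data altered in transit; the signature no longer matches.
    good = master_reply(req2, {"role": "web"})
    forged = {"body": dict(good["body"], pillar={"role": "admin"}), "sig": good["sig"]}
    results["tampered"] = outcome(web, forged)

    results["second_fresh"] = outcome(web, good)
    return results


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13s} {result}")
```
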
Comment 30 Eric Bischoff 2022-03-29 19:49:17 UTC
After successful testing, approved all requests for qam-manager, including release notes.
Comment 32 Abid Mehmood 2022-03-30 19:12:25 UTC
This released security patch caused this problem https://bugzilla.suse.com/show_bug.cgi?id=1197765 and cannot be applied because some needed dependencies are missing.
Comment 33 Swamp Workflow Management 2022-03-30 19:18:53 UTC
SUSE-SU-2022:1060-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    salt-3002.2-150200.58.1
SUSE Manager Retail Branch Server 4.1 (src):    salt-3002.2-150200.58.1
SUSE Manager Proxy 4.1 (src):    salt-3002.2-150200.58.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    salt-3002.2-150200.58.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    salt-3002.2-150200.58.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    salt-3002.2-150200.58.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    salt-3002.2-150200.58.1
SUSE Linux Enterprise Micro 5.0 (src):    salt-3002.2-150200.58.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    salt-3002.2-150200.58.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    salt-3002.2-150200.58.1
SUSE Enterprise Storage 7 (src):    salt-3002.2-150200.58.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Swamp Workflow Management 2022-03-30 19:19:32 UTC
SUSE-SU-2022:1057-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    salt-3002.2-150000.8.41.26.1
SUSE Linux Enterprise Server 15-LTSS (src):    salt-3002.2-150000.8.41.26.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    salt-3002.2-150000.8.41.26.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    salt-3002.2-150000.8.41.26.1

Comment 35 Swamp Workflow Management 2022-03-30 19:20:54 UTC
SUSE-SU-2022:1059-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Transactional Server 15-SP3 (src):    salt-3002.2-150300.53.10.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    salt-3002.2-150300.53.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    salt-3002.2-150300.53.10.1
SUSE Linux Enterprise Micro 5.1 (src):    salt-3002.2-150300.53.10.1

Comment 36 Swamp Workflow Management 2022-03-30 19:21:33 UTC
SUSE-SU-2022:1056-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 37 Swamp Workflow Management 2022-03-30 19:22:53 UTC
SUSE-SU-2022:1049-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    release-notes-susemanager-4.1.14.1-150200.3.77.1

Comment 38 Swamp Workflow Management 2022-03-30 19:23:36 UTC
SUSE-SU-2022:1058-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    salt-3002.2-150100.57.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    salt-3002.2-150100.57.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    salt-3002.2-150100.57.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    salt-3002.2-150100.57.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    salt-3002.2-150100.57.1
SUSE Enterprise Storage 6 (src):    salt-3002.2-150100.57.1
SUSE CaaS Platform 4.0 (src):    salt-3002.2-150100.57.1

Comment 39 Swamp Workflow Management 2022-03-30 19:24:13 UTC
SUSE-SU-2022:1050-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Manager Server 4.2 (src):    release-notes-susemanager-4.2.5.1-150300.3.34.1

Comment 40 Swamp Workflow Management 2022-03-30 19:25:20 UTC
SUSE-SU-2022:14932-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 41 Swamp Workflow Management 2022-03-30 19:26:24 UTC
openSUSE-SU-2022:1059-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    salt-3002.2-150300.53.10.1
Comment 42 Swamp Workflow Management 2022-03-30 19:31:28 UTC
SUSE-SU-2022:1048-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 43 Swamp Workflow Management 2022-03-30 19:34:26 UTC
SUSE-SU-2022:14933-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 44 Swamp Workflow Management 2022-03-30 19:35:42 UTC
SUSE-SU-2022:1051-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Manager Tools 12 (src):    salt-3000-58.1
SUSE Linux Enterprise Module for Advanced Systems Management 12 (src):    salt-3000-58.1

Comment 48 OBSbugzilla Bot 2022-03-31 09:20:03 UTC
This is an autogenerated message for OBS integration:
This bug (1197417) was mentioned in
https://build.opensuse.org/request/show/966156 Factory / salt
Comment 50 OBSbugzilla Bot 2022-03-31 15:20:04 UTC
This is an autogenerated message for OBS integration:
This bug (1197417) was mentioned in
https://build.opensuse.org/request/show/966247 Factory / salt
Comment 56 Swamp Workflow Management 2022-04-25 19:19:50 UTC
SUSE-RU-2022:14945-1: An update that solves four vulnerabilities, contains one feature and has 5 fixes is now available.

Category: recommended (important)
Bug References: 1182851,1194363,1194632,1194909,1196050,1196432,1197417,1197533,1197637
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: ECO-3319
Sources used:

Comment 57 Swamp Workflow Management 2022-04-25 19:21:00 UTC
SUSE-RU-2022:1385-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: recommended (important)
Bug References: 1182851,1194632,1196050,1196432,1197417,1197533,1197637
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    salt-3002.2-150000.8.41.32.1
SUSE Linux Enterprise Server 15-LTSS (src):    salt-3002.2-150000.8.41.32.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    salt-3002.2-150000.8.41.32.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    salt-3002.2-150000.8.41.32.1

Comment 58 Swamp Workflow Management 2022-04-25 19:26:55 UTC
SUSE-RU-2022:1389-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: recommended (important)
Bug References: 1182851,1194632,1196050,1196432,1197417,1197533,1197637
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    salt-3002.2-150100.63.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    salt-3002.2-150100.63.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    salt-3002.2-150100.63.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    salt-3002.2-150100.63.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    salt-3002.2-150100.63.1
SUSE Enterprise Storage 6 (src):    salt-3002.2-150100.63.1
SUSE CaaS Platform 4.0 (src):    salt-3002.2-150100.63.1

Comment 59 Swamp Workflow Management 2022-04-25 19:28:09 UTC
SUSE-RU-2022:14946-1: An update that solves four vulnerabilities, contains one feature and has 5 fixes is now available.

Category: recommended (important)
Bug References: 1182851,1194363,1194632,1194909,1196050,1196432,1197417,1197533,1197637
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: ECO-3319
Sources used:

Comment 60 Swamp Workflow Management 2022-04-25 19:29:09 UTC
SUSE-RU-2022:1384-1: An update that fixes four vulnerabilities is now available.

Category: recommended (moderate)
Bug References: 1194632,1195221,1196050,1197417
CVE References: CVE-2020-22935,CVE-2022-22934,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Manager Tools 12 (src):    salt-3000-62.1
SUSE Linux Enterprise Module for Advanced Systems Management 12 (src):    salt-3000-62.1

Comment 61 Swamp Workflow Management 2022-04-25 19:30:09 UTC
SUSE-RU-2022:1388-1: An update that solves four vulnerabilities, contains one feature and has two fixes is now available.

Category: recommended (moderate)
Bug References: 1194363,1194632,1194909,1195221,1196050,1197417
CVE References: CVE-2020-22935,CVE-2022-22934,CVE-2022-22936,CVE-2022-22941
JIRA References: ECO-3319
Sources used:

Comment 62 Swamp Workflow Management 2022-04-25 19:34:21 UTC
SUSE-RU-2022:1392-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: recommended (important)
Bug References: 1182851,1194632,1196050,1196432,1197417,1197533,1197637
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    salt-3002.2-150200.64.1
SUSE Manager Retail Branch Server 4.1 (src):    salt-3002.2-150200.64.1
SUSE Manager Proxy 4.1 (src):    salt-3002.2-150200.64.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    salt-3002.2-150200.64.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    salt-3002.2-150200.64.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    salt-3002.2-150200.64.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    salt-3002.2-150200.64.1
SUSE Linux Enterprise Micro 5.0 (src):    salt-3002.2-150200.64.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    salt-3002.2-150200.64.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    salt-3002.2-150200.64.1
SUSE Enterprise Storage 7 (src):    salt-3002.2-150200.64.1

Comment 63 Swamp Workflow Management 2022-04-25 19:40:31 UTC
SUSE-RU-2022:1386-1: An update that solves four vulnerabilities, contains one feature and has 5 fixes is now available.

Category: recommended (important)
Bug References: 1182851,1194363,1194632,1194909,1196050,1196432,1197417,1197533,1197637
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: ECO-3319
Sources used:

Comment 64 Swamp Workflow Management 2022-04-25 19:41:52 UTC
SUSE-RU-2022:1391-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: recommended (important)
Bug References: 1182851,1194632,1196050,1196432,1197417,1197533,1197637
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    salt-3002.2-150300.53.16.1
SUSE Linux Enterprise Module for Transactional Server 15-SP3 (src):    salt-3002.2-150300.53.16.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    salt-3002.2-150300.53.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    salt-3002.2-150300.53.16.1
SUSE Linux Enterprise Micro 5.2 (src):    salt-3002.2-150300.53.16.1
SUSE Linux Enterprise Micro 5.1 (src):    salt-3002.2-150300.53.16.1

Comment 68 Swamp Workflow Management 2022-05-04 13:19:30 UTC
SUSE-SU-2022:1514-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417,1197637,1198556
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Manager Tools 15-BETA (src):    venv-salt-minion-3004-159000.3.9.1

Comment 69 Swamp Workflow Management 2022-05-04 19:16:25 UTC
SUSE-SU-2022:1534-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1197417,1197637,1198556
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 70 Swamp Workflow Management 2022-05-04 19:18:15 UTC
SUSE-SU-2022:1536-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1118088,1184177,1196249,1196877,1197279,1197417,1197637,1198556
CVE References: CVE-2018-19787,CVE-2021-28957,CVE-2022-0778,CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941,CVE-2022-24302
JIRA References: 
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3004-3.9.1

Comment 71 Swamp Workflow Management 2022-05-04 19:18:59 UTC
SUSE-SU-2022:1537-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417,1197637,1198556
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 72 Swamp Workflow Management 2022-05-04 19:20:10 UTC
SUSE-SU-2022:1531-1: An update that solves 5 vulnerabilities, contains 5 features and has three fixes is now available.

Category: security (important)
Bug References: 1181400,1190535,1196338,1196704,1197042,1197417,1197579,1197689
CVE References: CVE-2020-22935,CVE-2022-21698,CVE-2022-22934,CVE-2022-22936,CVE-2022-22941
JIRA References: SLE-24077,SLE-24138,SLE-24139,SLE-24238,SLE-24239
Sources used:
SUSE Manager Tools 12-BETA (src):    golang-github-prometheus-alertmanager-0.23.0-4.9.1, golang-github-prometheus-node_exporter-1.3.0-4.12.1, golang-github-prometheus-prometheus-2.32.1-4.30.1, golang-github-prometheus-promu-0.13.0-4.9.1, mgr-cfg-4.3.6-4.27.1, mgr-osad-4.3.6-4.27.1, mgr-push-4.3.4-4.18.1, mgr-virtualization-4.3.5-4.18.1, rhnlib-4.3.4-24.27.1, salt-3000-53.11.1, spacecmd-4.3.10-41.39.1, spacewalk-client-tools-4.3.9-55.45.1, spacewalk-koan-4.3.5-27.18.1, spacewalk-oscap-4.3.5-22.18.1, suseRegisterInfo-4.3.3-28.21.1, uyuni-common-libs-4.3.4-3.30.1

Comment 73 Swamp Workflow Management 2022-05-04 19:21:08 UTC
SUSE-SU-2022:1527-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417,1197533,1197637,1197689
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 74 Swamp Workflow Management 2022-05-04 19:21:59 UTC
SUSE-SU-2022:1529-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417,1197533,1197637,1197689
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 75 Swamp Workflow Management 2022-05-04 19:22:49 UTC
SUSE-SU-2022:1533-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417,1197637,1198556
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 76 Swamp Workflow Management 2022-05-04 19:24:53 UTC
SUSE-SU-2022:1528-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417,1197533,1197637,1197689
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 77 Swamp Workflow Management 2022-05-04 19:25:46 UTC
SUSE-SU-2022:1538-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1197417,1197637,1198556
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 78 Swamp Workflow Management 2022-05-05 13:23:24 UTC
SUSE-SU-2022:1545-1: An update that solves 5 vulnerabilities, contains two features and has four fixes is now available.

Category: security (important)
Bug References: 1181400,1196338,1196704,1197042,1197417,1197533,1197579,1197637,1197689
CVE References: CVE-2022-21698,CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: SLE-24077,SLE-24145
Sources used:
SUSE Manager Tools 15-BETA (src):    golang-github-prometheus-alertmanager-0.23.0-159000.6.9.3, golang-github-prometheus-prometheus-2.32.1-159000.6.30.4, mgr-cfg-4.3.6-159000.4.26.1, mgr-osad-4.3.6-159000.4.27.2, mgr-push-4.3.4-159000.4.18.2, mgr-virtualization-4.3.5-159000.4.18.2, rhnlib-4.3.4-159000.6.27.2, salt-3004-159000.8.56.1, spacecmd-4.3.10-159000.6.39.2, spacewalk-client-tools-4.3.9-159000.6.45.2, spacewalk-koan-4.3.5-159000.6.18.1, spacewalk-oscap-4.3.5-159000.6.18.2, suseRegisterInfo-4.3.3-159000.6.21.2, uyuni-common-libs-4.3.4-159000.3.30.2, uyuni-proxy-systemd-services-4.3.2-159000.3.6.1

Comment 80 Swamp Workflow Management 2022-06-10 13:20:30 UTC
SUSE-FU-2022:2042-1: An update that solves four vulnerabilities and has four fixes is now available.

Category: feature (important)
Bug References: 1182851,1194632,1196050,1196432,1197417,1197637,1198556,1199149
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Manager Tools 15 (src):    venv-salt-minion-3004-150000.3.8.1

Comment 81 Swamp Workflow Management 2022-06-20 16:20:17 UTC
SUSE-FU-2022:2135-1: An update that solves four vulnerabilities and has four fixes is now available.

Category: feature (important)
Bug References: 1182851,1194632,1196050,1196432,1197417,1197637,1198556,1199149
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
SUSE Manager Tools 12 (src):    venv-salt-minion-3004-3.8.1

Comment 82 Swamp Workflow Management 2022-06-20 16:23:42 UTC
SUSE-FU-2022:2133-1: An update that solves four vulnerabilities and has four fixes is now available.

Category: feature (important)
Bug References: 1182851,1194632,1196050,1196432,1197417,1197637,1198556,1199149
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 83 Swamp Workflow Management 2022-06-20 16:26:37 UTC
SUSE-FU-2022:14987-1: An update that solves four vulnerabilities and has four fixes is now available.

Category: feature (important)
Bug References: 1182851,1194632,1196050,1196432,1197417,1197637,1198556,1199149
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 84 Swamp Workflow Management 2022-06-20 16:29:31 UTC
SUSE-FU-2022:2128-1: An update that solves four vulnerabilities and has four fixes is now available.

Category: feature (important)
Bug References: 1182851,1194632,1196050,1196432,1197417,1197637,1198556,1199149
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:

Comment 85 Swamp Workflow Management 2022-06-20 16:37:32 UTC
SUSE-FU-2022:14989-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: feature (moderate)
Bug References: 1182851,1196050,1196432,1197417,1197637,1198556,1199149
CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: 
Sources used:
