Bug 957812 - (CVE-2015-3195) VUL-0: CVE-2015-3195: openssl: X509_ATTRIBUTE memory leak
(CVE-2015-3195)
VUL-0: CVE-2015-3195: openssl: X509_ATTRIBUTE memory leak
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P2 - High : Major
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv2:SUSE:CVE-2015-3195:4.3:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-03 15:47 UTC by Marcus Meissner
Modified: 2022-02-16 21:21 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
cve-2015-3195.c (786 bytes, text/plain)
2015-12-05 11:40 UTC, Marcus Meissner
Details
openssl-CVE-2015-3195.patch (1.81 KB, patch)
2016-01-25 13:31 UTC, Marcus Meissner
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-12-03 15:47:16 UTC
https://www.openssl.org/news/secadv/20151203.txt

X509_ATTRIBUTE memory leak (CVE-2015-3195)
==========================================

Severity: Moderate

When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted sources is affected.
SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2e
OpenSSL 1.0.1 users should upgrade to 1.0.1q
OpenSSL 1.0.0 users should upgrade to 1.0.0t
OpenSSL 0.9.8 users should upgrade to 0.9.8zh

This issue was reported to OpenSSL on November 9 2015 by Adam Langley
(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen
Henson of the OpenSSL development team.
Comment 1 SMASH SMASH 2015-12-03 17:02:38 UTC
An update workflow for this issue was started.

This issue was rated as "moderate".
Please submit fixed packages until "Dec. 10, 2015".

When done, reassign the bug to "security-team@suse.de".
/update/121082/.
Comment 2 Swamp Workflow Management 2015-12-03 17:05:15 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-12-17.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62367
Comment 3 SMASH SMASH 2015-12-03 17:05:23 UTC
An update workflow for this issue was started.

This issue was rated as "moderate".
Please submit fixed packages until "Dec. 10, 2015".

When done, reassign the bug to "security-team@suse.de".
/update/62367/.
Comment 4 Swamp Workflow Management 2015-12-03 23:00:21 UTC
bugbot adjusting priority
Comment 7 Bernhard Wiedemann 2015-12-04 17:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (957812) was mentioned in
https://build.opensuse.org/request/show/347471 13.2+13.1 / openssl
Comment 9 Vítězslav Čížek 2015-12-04 23:43:15 UTC
Packages submitted.
Reassigning to security team.
Comment 10 Bernhard Wiedemann 2015-12-05 00:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (957812) was mentioned in
https://build.opensuse.org/request/show/347504 Factory / openssl
Comment 11 Marcus Meissner 2015-12-05 11:40:17 UTC
Created attachment 658489 [details]
cve-2015-3195.c

gcc -g -O2 -o cve-2015-3195 cve-2015-3195.c -lcrypto

valgrind --leak-check=full ./cve-2015-3195

before:
 ==2531== 41 (40 direct, 1 indirect) bytes in 1 blocks are definitely lost in loss record 7 of 16
==2531==    at 0x4C2A00F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2531==    by 0x4EA2377: CRYPTO_malloc (in /lib64/libcrypto.so.1.0.0)
==2531==    by 0x4F8CD59: ASN1_OBJECT_new (in /lib64/libcrypto.so.1.0.0)
==2531==    by 0x4F8CF94: c2i_ASN1_OBJECT (in /lib64/libcrypto.so.1.0.0)
==2531==    by 0x4F9E577: asn1_ex_c2i (in /lib64/libcrypto.so.1.0.0)
==2531==    by 0x4F9EB69: ??? (in /lib64/libcrypto.so.1.0.0)
==2531==    by 0x4F9F9F9: ASN1_item_ex_d2i (in /lib64/libcrypto.so.1.0.0)
==2531==    by 0x4F9FD5A: ??? (in /lib64/libcrypto.so.1.0.0)
==2531==    by 0x4F9FFB0: ??? (in /lib64/libcrypto.so.1.0.0)
==2531==    by 0x4F9F693: ASN1_item_ex_d2i (in /lib64/libcrypto.so.1.0.0)
==2531==    by 0x4F9FC4E: ??? (in /lib64/libcrypto.so.1.0.0)
==2531==    by 0x4F9FFB0: ??? (in /lib64/libcrypto.so.1.0.0)

after:
no such leak
Comment 12 Swamp Workflow Management 2015-12-08 17:11:08 UTC
SUSE-SU-2015:2230-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 954256,957812,957813,957815
CVE References: CVE-2015-3194,CVE-2015-3195,CVE-2015-3196
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    openssl-1.0.1i-36.1
SUSE Linux Enterprise Server 12-SP1 (src):    openssl-1.0.1i-36.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    openssl-1.0.1i-36.1
Comment 13 Swamp Workflow Management 2015-12-09 19:11:42 UTC
SUSE-SU-2015:2237-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 937085,947104,954256,957812,957813,957815
CVE References: CVE-2015-3194,CVE-2015-3195,CVE-2015-3196
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    openssl-1.0.1i-27.6.1
SUSE Linux Enterprise Server 12 (src):    openssl-1.0.1i-27.6.1
SUSE Linux Enterprise Desktop 12 (src):    openssl-1.0.1i-27.6.1
Comment 14 Andreas Stieger 2015-12-10 10:10:06 UTC
Hello Jan,

bsc#957815 (CVE-2015-3194) and bsc#957812 (CVE-2015-3195) also affect LibreSSL:

http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.5-relnotes.txt

> We have released LibreSSL 2.2.5, which will be arriving in the
> LibreSSL directory of your local OpenBSD mirror soon.
> 
> This release is based on the stable OpenBSD 5.8 branch.
> 
>  * Fixes from OpenSSL 1.0.1q
>   - CVE-2015-3194 - NULL pointer dereference in client side certificate
>                     validation.
>   - CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL

For your convenience, here are the commits:

https://github.com/libressl-portable/openbsd/commit/70e905b0d750d02740f6bd15d1616a819a51af92
    Fix for OpenSSL CVE-2015-3195
https://github.com/libressl-portable/openbsd/commit/9900c16beb14eb3bfc8f4d8c6191e6e1a271c861
    Fix for OpenSSL CVE-2015-3194

The affected distributions are:

openSUSE:13.2:Update/libressl      (2.2.1)
openSUSE:Leap:42.1:Update/libressl (2.3.0)
as well as security/libressl and Tumbleweed. This fix was not committed to the 2.3.x snapshot series.

Please submit a maintenance update, thanks!
Comment 15 Swamp Workflow Management 2015-12-10 17:13:05 UTC
SUSE-SU-2015:2251-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 952099,957812
CVE References: CVE-2015-3195
Sources used:
SUSE Linux Enterprise Server for SAP 11-SP4 (src):    compat-openssl097g-0.9.7g-146.22.36.1
SUSE Linux Enterprise Server for SAP 11-SP3 (src):    compat-openssl097g-0.9.7g-146.22.36.1
SUSE Linux Enterprise Server for SAP 11-SP2 (src):    compat-openssl097g-0.9.7g-146.22.36.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    compat-openssl097g-0.9.7g-146.22.36.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    compat-openssl097g-0.9.7g-146.22.36.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    compat-openssl097g-0.9.7g-146.22.36.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    compat-openssl097g-0.9.7g-146.22.36.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    compat-openssl097g-0.9.7g-146.22.36.1
Comment 16 Andreas Stieger 2015-12-11 13:29:47 UTC
LibreSSL issue split into boo#958768
Comment 17 Swamp Workflow Management 2015-12-11 19:11:32 UTC
SUSE-SU-2015:2253-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 937085,954256,957812,957813,957815
CVE References: CVE-2015-3194,CVE-2015-3195,CVE-2015-3196
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src):    openssl1-1.0.1g-0.35.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssl1-1.0.1g-0.35.1
Comment 18 Swamp Workflow Management 2015-12-16 00:11:44 UTC
SUSE-SU-2015:2275-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 952099,957812
CVE References: CVE-2015-3195
Sources used:
SUSE Studio Onsite 1.3 (src):    openssl-0.9.8j-0.80.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    openssl-0.9.8j-0.80.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    openssl-0.9.8j-0.80.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    openssl-0.9.8j-0.80.1
SUSE Linux Enterprise Server 11-SP4 (src):    openssl-0.9.8j-0.80.1
SUSE Linux Enterprise Server 11-SP3 (src):    openssl-0.9.8j-0.80.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    openssl-0.9.8j-0.80.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    openssl-0.9.8j-0.80.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    openssl-0.9.8j-0.80.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssl-0.9.8j-0.80.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssl-0.9.8j-0.80.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    openssl-0.9.8j-0.80.1
Comment 19 Swamp Workflow Management 2015-12-17 09:11:09 UTC
openSUSE-SU-2015:2288-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 957812,957813,957815
CVE References: CVE-2015-3194,CVE-2015-3195,CVE-2015-3196
Sources used:
openSUSE 13.2 (src):    openssl-1.0.1k-2.27.1
openSUSE 13.1 (src):    openssl-1.0.1k-11.75.1
Comment 20 Swamp Workflow Management 2015-12-17 09:12:07 UTC
openSUSE-SU-2015:2289-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 954256,957812,957813,957815
CVE References: CVE-2015-3194,CVE-2015-3195,CVE-2015-3196
Sources used:
openSUSE Leap 42.1 (src):    openssl-1.0.1i-9.1
Comment 21 Swamp Workflow Management 2015-12-22 18:10:56 UTC
SUSE-SU-2015:2342-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 952099,957812
CVE References: CVE-2015-3195
Sources used:
SUSE Linux Enterprise Module for Legacy Software 12 (src):    compat-openssl098-0.9.8j-87.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    compat-openssl098-0.9.8j-87.1
SUSE Linux Enterprise Desktop 12 (src):    compat-openssl098-0.9.8j-87.1
Comment 23 Swamp Workflow Management 2015-12-23 15:11:03 UTC
openSUSE-SU-2015:2349-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 952099,957812
CVE References: CVE-2015-3195
Sources used:
openSUSE Leap 42.1 (src):    compat-openssl098-0.9.8j-6.1
Comment 24 Marcus Meissner 2016-01-25 13:31:58 UTC
Created attachment 663072 [details]
openssl-CVE-2015-3195.patch

openssl-CVE-2015-3195.patch used in sle12 update
Comment 26 Marcus Meissner 2016-02-10 07:16:47 UTC
released
Comment 27 Swamp Workflow Management 2016-03-02 22:12:19 UTC
openSUSE-SU-2016:0637-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 957812,957815,963415,968046,968047,968048,968050,968265,968374
CVE References: CVE-2015-1794,CVE-2015-3194,CVE-2015-3195,CVE-2015-3197,CVE-2016-0701,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800
Sources used:
openSUSE Evergreen 11.4 (src):    openssl-1.0.1p-71.1
Comment 28 Swamp Workflow Management 2016-03-07 17:14:01 UTC
SUSE-SU-2016:0678-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 937492,957812,963415,968046,968048,968051,968053,968374
CVE References: CVE-2015-0287,CVE-2015-3195,CVE-2015-3197,CVE-2016-0703,CVE-2016-0704,CVE-2016-0797,CVE-2016-0799,CVE-2016-0800
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    openssl-0.9.8a-18.94.2
Comment 29 Swamp Workflow Management 2016-05-18 12:09:07 UTC
openSUSE-SU-2016:1327-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 950707,950708,957812,957815,977584,978492
CVE References: CVE-2015-3194,CVE-2015-3195,CVE-2015-5333,CVE-2015-5334
Sources used:
openSUSE 13.2 (src):    libressl-2.2.7-2.13.1
Comment 30 Swamp Workflow Management 2022-02-16 21:21:20 UTC
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668
CVE References: CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-7250,CVE-2007-3108,CVE-2007-4995,CVE-2007-5135,CVE-2008-0891,CVE-2008-1672,CVE-2008-5077,CVE-2009-0590,CVE-2009-0591,CVE-2009-0789,CVE-2009-1377,CVE-2009-1378,CVE-2009-1379,CVE-2009-1386,CVE-2009-1387,CVE-2010-0740,CVE-2010-0742,CVE-2010-1633,CVE-2010-2939,CVE-2010-3864,CVE-2010-5298,CVE-2011-0014,CVE-2011-3207,CVE-2011-3210,CVE-2011-3389,CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2011-4944,CVE-2012-0027,CVE-2012-0050,CVE-2012-0845,CVE-2012-0884,CVE-2012-1150,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2012-4929,CVE-2013-0166,CVE-2013-0169,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2013-4353,CVE-2013-6449,CVE-2013-6450,CVE-2014-0012,CVE-2014-0076,CVE-2014-0160,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566,CVE-2014-3567,CVE-2014-3568,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-4650,CVE-2014-5139,CVE-2014-7202,CVE-2014-7203,CVE-2014-8275,CVE-2014-9721,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-2296,CVE-2015-3194,CVE-2015-3195,CVE-2015-3196,CVE-2015-3197,CVE-2015-3216,CVE-2015-4000,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-10745,CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2109,CVE-2016-2176,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-9015,CVE-2017-18342,CVE-2017-3731,CVE-2017-3732,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-0739,CVE-2018-18074,CVE-2018-20060,CVE-2018-5407,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-1547,CVE-2019-1551,CVE-2019-1559,CVE-2019-1563,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-1971,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-23840,CVE-2021-23841,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426,CVE-2021-3712
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.