Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-34049 (GCVE-0-2023-34049)
Vulnerability from cvelistv5 – Published: 2024-11-14 04:13 – Updated: 2024-11-14 15:20
VLAI
EPSS
Title
Salt security advisory release - 2023-OCT-27
Summary
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Salt | SALT |
Affected:
3005 , < 3005.4
(oss)
Affected: 3004 , < 3006.4 (oss) |
|
| salt_project | salt |
Affected:
3005 , < 3005.4
(custom)
Affected: 3004 , < 3006.4 (custom) cpe:2.3:a:salt_project:salt:*:*:*:*:*:*:*:* |
Date Public
2023-10-28 04:08
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:salt_project:salt:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "salt",
"vendor": "salt_project",
"versions": [
{
"lessThan": "3005.4",
"status": "affected",
"version": "3005",
"versionType": "custom"
},
{
"lessThan": "3006.4",
"status": "affected",
"version": "3004",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T15:12:53.355210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:20:15.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "SALT",
"product": "SALT",
"vendor": "Salt",
"versions": [
{
"lessThan": "3005.4",
"status": "affected",
"version": "3005",
"versionType": "oss"
},
{
"lessThan": "3006.4",
"status": "affected",
"version": "3004",
"versionType": "oss"
}
]
}
],
"datePublic": "2023-10-28T04:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\u0026nbsp;\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eDo not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\u00a0Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T04:13:55.255Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://saltproject.io/security-announcements/2023-10-27-advisory/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Salt security advisory release - 2023-OCT-27",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34049",
"datePublished": "2024-11-14T04:13:55.255Z",
"dateReserved": "2023-05-25T17:21:56.202Z",
"dateUpdated": "2024-11-14T15:20:15.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-34049",
"date": "2026-07-03",
"epss": "0.00187",
"percentile": "0.0845"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\\u00a0Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.\"}, {\"lang\": \"es\", \"value\": \"La opci\\u00f3n de pre-vuelo de Salt-SSH copia el script al destino en una ruta predecible, lo que permite a un atacante forzar a Salt-SSH a ejecutar su script. Si un atacante tiene acceso a la m\\u00e1quina virtual de destino y conoce la ruta al script de pre-vuelo antes de que se ejecute, puede asegurarse de que Salt-SSH ejecute su script con los privilegios del usuario que ejecuta Salt-SSH. No haga que la ruta de copia en el destino sea predecible y aseg\\u00farese de verificar los c\\u00f3digos de retorno del comando scp si la copia falla.\"}]",
"id": "CVE-2023-34049",
"lastModified": "2024-11-15T13:58:08.913",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@vmware.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}]}",
"published": "2024-11-14T05:15:28.260",
"references": "[{\"url\": \"https://saltproject.io/security-announcements/2023-10-27-advisory/\", \"source\": \"security@vmware.com\"}]",
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Awaiting Analysis"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-34049\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2024-11-14T05:15:28.260\",\"lastModified\":\"2026-06-17T06:02:48.060\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\u00a0Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.\"},{\"lang\":\"es\",\"value\":\"La opci\u00f3n de pre-vuelo de Salt-SSH copia el script al destino en una ruta predecible, lo que permite a un atacante forzar a Salt-SSH a ejecutar su script. Si un atacante tiene acceso a la m\u00e1quina virtual de destino y conoce la ruta al script de pre-vuelo antes de que se ejecute, puede asegurarse de que Salt-SSH ejecute su script con los privilegios del usuario que ejecuta Salt-SSH. No haga que la ruta de copia en el destino sea predecible y aseg\u00farese de verificar los c\u00f3digos de retorno del comando scp si la copia falla.\"}],\"affected\":[{\"source\":\"security@vmware.com\",\"affectedData\":[{\"vendor\":\"Salt\",\"product\":\"SALT\",\"defaultStatus\":\"unaffected\",\"packageName\":\"SALT\",\"versions\":[{\"version\":\"3005\",\"lessThan\":\"3005.4\",\"versionType\":\"oss\",\"status\":\"affected\"},{\"version\":\"3004\",\"lessThan\":\"3006.4\",\"versionType\":\"oss\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"salt_project\",\"product\":\"salt\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:salt_project:salt:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"3005\",\"lessThan\":\"3005.4\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"3004\",\"lessThan\":\"3006.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-11-14T15:12:53.355210Z\",\"id\":\"CVE-2023-34049\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"references\":[{\"url\":\"https://saltproject.io/security-announcements/2023-10-27-advisory/\",\"source\":\"security@vmware.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-34049\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-14T15:12:53.355210Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:salt_project:salt:*:*:*:*:*:*:*:*\"], \"vendor\": \"salt_project\", \"product\": \"salt\", \"versions\": [{\"status\": \"affected\", \"version\": \"3005\", \"lessThan\": \"3005.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3004\", \"lessThan\": \"3006.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-14T15:18:00.386Z\"}}], \"cna\": {\"title\": \"Salt security advisory release - 2023-OCT-27\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Salt\", \"product\": \"SALT\", \"versions\": [{\"status\": \"affected\", \"version\": \"3005\", \"lessThan\": \"3005.4\", \"versionType\": \"oss\"}, {\"status\": \"affected\", \"version\": \"3004\", \"lessThan\": \"3006.4\", \"versionType\": \"oss\"}], \"packageName\": \"SALT\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-10-28T04:08:00.000Z\", \"references\": [{\"url\": \"https://saltproject.io/security-announcements/2023-10-27-advisory/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\\u00a0Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\u0026nbsp;\u003cspan style=\\\"background-color: rgb(254, 254, 254);\\\"\u003eDo not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2024-11-14T04:13:55.255Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-34049\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-14T15:20:15.288Z\", \"dateReserved\": \"2023-05-25T17:21:56.202Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2024-11-14T04:13:55.255Z\", \"assignerShortName\": \"vmware\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2023:4748-1
Vulnerability from csaf_suse - Published: 2023-12-13 09:24 - Updated: 2023-12-13 09:24Summary
Security update for SUSE Manager Salt Bundle
Severity
Important
Notes
Title of the patch: Security update for SUSE Manager Salt Bundle
Description of the patch: This update fixes the following issues:
venv-salt-minion:
* Security fixes:
* CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157)
* Non security fixes:
* Add python dateutil module to the bundle
* Allow all primitive grain types for autosign_grains (bsc#1214477)
* Remove non-free RNG schema file (bsc#1213351)
Patchnames: SUSE-2023-4748,SUSE-SLE-Manager-Tools-12-2023-4748
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Salt Bundle",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nvenv-salt-minion:\n\n * Security fixes:\n * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157)\n * Non security fixes:\n * Add python dateutil module to the bundle\n * Allow all primitive grain types for autosign_grains (bsc#1214477)\n * Remove non-free RNG schema file (bsc#1213351)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4748,SUSE-SLE-Manager-Tools-12-2023-4748",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4748-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4748-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234748-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4748-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017373.html"
},
{
"category": "self",
"summary": "SUSE Bug 1213351",
"url": "https://bugzilla.suse.com/1213351"
},
{
"category": "self",
"summary": "SUSE Bug 1214477",
"url": "https://bugzilla.suse.com/1214477"
},
{
"category": "self",
"summary": "SUSE Bug 1215157",
"url": "https://bugzilla.suse.com/1215157"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34049 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34049/"
}
],
"title": "Security update for SUSE Manager Salt Bundle",
"tracking": {
"current_release_date": "2023-12-13T09:24:14Z",
"generator": {
"date": "2023-12-13T09:24:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4748-1",
"initial_release_date": "2023-12-13T09:24:14Z",
"revision_history": [
{
"date": "2023-12-13T09:24:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-3.9.1.aarch64",
"product": {
"name": "saltbundle-swig-4.1.1-3.9.1.aarch64",
"product_id": "saltbundle-swig-4.1.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-3.9.1.aarch64",
"product": {
"name": "saltbundle-swig-examples-4.1.1-3.9.1.aarch64",
"product_id": "saltbundle-swig-examples-4.1.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-3.15.1.aarch64",
"product": {
"name": "saltbundlepy-cffi-1.15.1-3.15.1.aarch64",
"product_id": "saltbundlepy-cffi-1.15.1-3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-3.18.1.aarch64",
"product": {
"name": "saltbundlepy-lxml-4.9.3-3.18.1.aarch64",
"product_id": "saltbundlepy-lxml-4.9.3-3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.aarch64",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.aarch64",
"product_id": "saltbundlepy-lxml-devel-4.9.3-3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-3.46.2.aarch64",
"product": {
"name": "venv-salt-minion-3006.0-3.46.2.aarch64",
"product_id": "venv-salt-minion-3006.0-3.46.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-doc-4.1.1-3.9.1.noarch",
"product": {
"name": "saltbundle-swig-doc-4.1.1-3.9.1.noarch",
"product_id": "saltbundle-swig-doc-4.1.1-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-appdirs-1.4.4-3.9.1.noarch",
"product": {
"name": "saltbundlepy-appdirs-1.4.4-3.9.1.noarch",
"product_id": "saltbundlepy-appdirs-1.4.4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-certifi-2018.1.18-3.15.1.noarch",
"product": {
"name": "saltbundlepy-certifi-2018.1.18-3.15.1.noarch",
"product_id": "saltbundlepy-certifi-2018.1.18-3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dateutil-2.8.1-3.3.5.noarch",
"product": {
"name": "saltbundlepy-dateutil-2.8.1-3.3.5.noarch",
"product_id": "saltbundlepy-dateutil-2.8.1-3.3.5.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-editables-0.3-3.3.1.noarch",
"product": {
"name": "saltbundlepy-editables-0.3-3.3.1.noarch",
"product_id": "saltbundlepy-editables-0.3-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-exceptiongroup-1.1.0-3.3.1.noarch",
"product": {
"name": "saltbundlepy-exceptiongroup-1.1.0-3.3.1.noarch",
"product_id": "saltbundlepy-exceptiongroup-1.1.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-flit-core-3.8.0-3.3.1.noarch",
"product": {
"name": "saltbundlepy-flit-core-3.8.0-3.3.1.noarch",
"product_id": "saltbundlepy-flit-core-3.8.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-flit-scm-1.7.0-3.3.1.noarch",
"product": {
"name": "saltbundlepy-flit-scm-1.7.0-3.3.1.noarch",
"product_id": "saltbundlepy-flit-scm-1.7.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-hatch-vcs-0.3.0-3.3.2.noarch",
"product": {
"name": "saltbundlepy-hatch-vcs-0.3.0-3.3.2.noarch",
"product_id": "saltbundlepy-hatch-vcs-0.3.0-3.3.2.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-hatchling-1.13.0-3.3.2.noarch",
"product": {
"name": "saltbundlepy-hatchling-1.13.0-3.3.2.noarch",
"product_id": "saltbundlepy-hatchling-1.13.0-3.3.2.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-iniconfig-2.0.0-3.3.1.noarch",
"product": {
"name": "saltbundlepy-iniconfig-2.0.0-3.3.1.noarch",
"product_id": "saltbundlepy-iniconfig-2.0.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-doc-4.9.3-3.18.1.noarch",
"product": {
"name": "saltbundlepy-lxml-doc-4.9.3-3.18.1.noarch",
"product_id": "saltbundlepy-lxml-doc-4.9.3-3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-more-itertools-8.10.0-3.12.1.noarch",
"product": {
"name": "saltbundlepy-more-itertools-8.10.0-3.12.1.noarch",
"product_id": "saltbundlepy-more-itertools-8.10.0-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-packaging-23.1-3.9.1.noarch",
"product": {
"name": "saltbundlepy-packaging-23.1-3.9.1.noarch",
"product_id": "saltbundlepy-packaging-23.1-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pathspec-0.11.1-3.3.1.noarch",
"product": {
"name": "saltbundlepy-pathspec-0.11.1-3.3.1.noarch",
"product_id": "saltbundlepy-pathspec-0.11.1-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pip-20.2.4-3.9.1.noarch",
"product": {
"name": "saltbundlepy-pip-20.2.4-3.9.1.noarch",
"product_id": "saltbundlepy-pip-20.2.4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pluggy-1.0.0-3.9.5.noarch",
"product": {
"name": "saltbundlepy-pluggy-1.0.0-3.9.5.noarch",
"product_id": "saltbundlepy-pluggy-1.0.0-3.9.5.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-py-1.10.0-3.12.5.noarch",
"product": {
"name": "saltbundlepy-py-1.10.0-3.12.5.noarch",
"product_id": "saltbundlepy-py-1.10.0-3.12.5.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pytest-7.3.2-3.9.1.noarch",
"product": {
"name": "saltbundlepy-pytest-7.3.2-3.9.1.noarch",
"product_id": "saltbundlepy-pytest-7.3.2-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-setuptools-scm-7.1.0-3.9.1.noarch",
"product": {
"name": "saltbundlepy-setuptools-scm-7.1.0-3.9.1.noarch",
"product_id": "saltbundlepy-setuptools-scm-7.1.0-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tomli-1.2.3-3.3.1.noarch",
"product": {
"name": "saltbundlepy-tomli-1.2.3-3.3.1.noarch",
"product_id": "saltbundlepy-tomli-1.2.3-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-typing-extensions-4.5.0-3.3.1.noarch",
"product": {
"name": "saltbundlepy-typing-extensions-4.5.0-3.3.1.noarch",
"product_id": "saltbundlepy-typing-extensions-4.5.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-wheel-0.40.0-3.3.1.noarch",
"product": {
"name": "saltbundlepy-wheel-0.40.0-3.3.1.noarch",
"product_id": "saltbundlepy-wheel-0.40.0-3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-3.9.1.ppc64le",
"product": {
"name": "saltbundle-swig-4.1.1-3.9.1.ppc64le",
"product_id": "saltbundle-swig-4.1.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-3.9.1.ppc64le",
"product": {
"name": "saltbundle-swig-examples-4.1.1-3.9.1.ppc64le",
"product_id": "saltbundle-swig-examples-4.1.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-3.15.1.ppc64le",
"product": {
"name": "saltbundlepy-cffi-1.15.1-3.15.1.ppc64le",
"product_id": "saltbundlepy-cffi-1.15.1-3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-3.18.1.ppc64le",
"product": {
"name": "saltbundlepy-lxml-4.9.3-3.18.1.ppc64le",
"product_id": "saltbundlepy-lxml-4.9.3-3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.ppc64le",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.ppc64le",
"product_id": "saltbundlepy-lxml-devel-4.9.3-3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-3.46.2.ppc64le",
"product": {
"name": "venv-salt-minion-3006.0-3.46.2.ppc64le",
"product_id": "venv-salt-minion-3006.0-3.46.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-3.9.1.s390x",
"product": {
"name": "saltbundle-swig-4.1.1-3.9.1.s390x",
"product_id": "saltbundle-swig-4.1.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-3.9.1.s390x",
"product": {
"name": "saltbundle-swig-examples-4.1.1-3.9.1.s390x",
"product_id": "saltbundle-swig-examples-4.1.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-3.15.1.s390x",
"product": {
"name": "saltbundlepy-cffi-1.15.1-3.15.1.s390x",
"product_id": "saltbundlepy-cffi-1.15.1-3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-3.18.1.s390x",
"product": {
"name": "saltbundlepy-lxml-4.9.3-3.18.1.s390x",
"product_id": "saltbundlepy-lxml-4.9.3-3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.s390x",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.s390x",
"product_id": "saltbundlepy-lxml-devel-4.9.3-3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-3.46.2.s390x",
"product": {
"name": "venv-salt-minion-3006.0-3.46.2.s390x",
"product_id": "venv-salt-minion-3006.0-3.46.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-3.9.1.x86_64",
"product": {
"name": "saltbundle-swig-4.1.1-3.9.1.x86_64",
"product_id": "saltbundle-swig-4.1.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-3.9.1.x86_64",
"product": {
"name": "saltbundle-swig-examples-4.1.1-3.9.1.x86_64",
"product_id": "saltbundle-swig-examples-4.1.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-3.15.1.x86_64",
"product": {
"name": "saltbundlepy-cffi-1.15.1-3.15.1.x86_64",
"product_id": "saltbundlepy-cffi-1.15.1-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-3.18.1.x86_64",
"product": {
"name": "saltbundlepy-lxml-4.9.3-3.18.1.x86_64",
"product_id": "saltbundlepy-lxml-4.9.3-3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.x86_64",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-3.18.1.x86_64",
"product_id": "saltbundlepy-lxml-devel-4.9.3-3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-3.46.2.x86_64",
"product": {
"name": "venv-salt-minion-3006.0-3.46.2.x86_64",
"product_id": "venv-salt-minion-3006.0-3.46.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 12",
"product": {
"name": "SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-3.46.2.aarch64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-3.46.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-3.46.2.ppc64le as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-3.46.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-3.46.2.s390x as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.s390x"
},
"product_reference": "venv-salt-minion-3006.0-3.46.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-3.46.2.x86_64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-3.46.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34049"
}
],
"notes": [
{
"category": "general",
"text": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34049",
"url": "https://www.suse.com/security/cve/CVE-2023-34049"
},
{
"category": "external",
"summary": "SUSE Bug 1215157 for CVE-2023-34049",
"url": "https://bugzilla.suse.com/1215157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.46.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-13T09:24:14Z",
"details": "important"
}
],
"title": "CVE-2023-34049"
}
]
}
SUSE-SU-2023:4749-1
Vulnerability from csaf_suse - Published: 2023-12-13 09:26 - Updated: 2023-12-13 09:26Summary
Security update for SUSE Manager Salt Bundle
Severity
Important
Notes
Title of the patch: Security update for SUSE Manager Salt Bundle
Description of the patch: This update fixes the following issues:
venv-salt-minion:
* Security fixes:
* CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157)
* Non security fixes:
* Add python dateutil module to the bundle
* Allow all primitive grain types for autosign_grains (bsc#1214477)
* Remove non-free RNG schema file (bsc#1213351)
Patchnames: SUSE-2023-4749,SUSE-SLE-Manager-Tools-15-2023-4749,SUSE-SLE-Manager-Tools-For-Micro-5-2023-4749,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4749,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4749
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.4 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Salt Bundle",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nvenv-salt-minion:\n\n * Security fixes:\n * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157)\n * Non security fixes:\n * Add python dateutil module to the bundle\n * Allow all primitive grain types for autosign_grains (bsc#1214477)\n * Remove non-free RNG schema file (bsc#1213351)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4749,SUSE-SLE-Manager-Tools-15-2023-4749,SUSE-SLE-Manager-Tools-For-Micro-5-2023-4749,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4749,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4749",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4749-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4749-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234749-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4749-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-December/033085.html"
},
{
"category": "self",
"summary": "SUSE Bug 1213351",
"url": "https://bugzilla.suse.com/1213351"
},
{
"category": "self",
"summary": "SUSE Bug 1214477",
"url": "https://bugzilla.suse.com/1214477"
},
{
"category": "self",
"summary": "SUSE Bug 1215157",
"url": "https://bugzilla.suse.com/1215157"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34049 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34049/"
}
],
"title": "Security update for SUSE Manager Salt Bundle",
"tracking": {
"current_release_date": "2023-12-13T09:26:13Z",
"generator": {
"date": "2023-12-13T09:26:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4749-1",
"initial_release_date": "2023-12-13T09:26:13Z",
"revision_history": [
{
"date": "2023-12-13T09:26:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-150000.3.9.1.aarch64",
"product": {
"name": "saltbundle-swig-4.1.1-150000.3.9.1.aarch64",
"product_id": "saltbundle-swig-4.1.1-150000.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.aarch64",
"product": {
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.aarch64",
"product_id": "saltbundle-swig-examples-4.1.1-150000.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.aarch64",
"product": {
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.aarch64",
"product_id": "saltbundlepy-cffi-1.15.1-150000.3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.aarch64",
"product": {
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.aarch64",
"product_id": "saltbundlepy-lxml-4.9.3-150000.3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.aarch64",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.aarch64",
"product_id": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"product": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"product_id": "venv-salt-minion-3006.0-150000.3.48.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-doc-4.1.1-150000.3.9.1.noarch",
"product": {
"name": "saltbundle-swig-doc-4.1.1-150000.3.9.1.noarch",
"product_id": "saltbundle-swig-doc-4.1.1-150000.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-appdirs-1.4.4-150000.3.9.1.noarch",
"product": {
"name": "saltbundlepy-appdirs-1.4.4-150000.3.9.1.noarch",
"product_id": "saltbundlepy-appdirs-1.4.4-150000.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-certifi-2018.1.18-150000.3.15.1.noarch",
"product": {
"name": "saltbundlepy-certifi-2018.1.18-150000.3.15.1.noarch",
"product_id": "saltbundlepy-certifi-2018.1.18-150000.3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dateutil-2.8.1-150000.3.3.3.noarch",
"product": {
"name": "saltbundlepy-dateutil-2.8.1-150000.3.3.3.noarch",
"product_id": "saltbundlepy-dateutil-2.8.1-150000.3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-editables-0.3-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-editables-0.3-150000.3.3.1.noarch",
"product_id": "saltbundlepy-editables-0.3-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-exceptiongroup-1.1.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-exceptiongroup-1.1.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-exceptiongroup-1.1.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-flit-core-3.8.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-flit-core-3.8.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-flit-core-3.8.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-flit-scm-1.7.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-flit-scm-1.7.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-flit-scm-1.7.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-hatch-vcs-0.3.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-hatch-vcs-0.3.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-hatch-vcs-0.3.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-hatchling-1.13.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-hatchling-1.13.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-hatchling-1.13.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-iniconfig-2.0.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-iniconfig-2.0.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-iniconfig-2.0.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-doc-4.9.3-150000.3.18.1.noarch",
"product": {
"name": "saltbundlepy-lxml-doc-4.9.3-150000.3.18.1.noarch",
"product_id": "saltbundlepy-lxml-doc-4.9.3-150000.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-more-itertools-8.10.0-150000.3.12.1.noarch",
"product": {
"name": "saltbundlepy-more-itertools-8.10.0-150000.3.12.1.noarch",
"product_id": "saltbundlepy-more-itertools-8.10.0-150000.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-packaging-23.1-150000.3.9.1.noarch",
"product": {
"name": "saltbundlepy-packaging-23.1-150000.3.9.1.noarch",
"product_id": "saltbundlepy-packaging-23.1-150000.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pathspec-0.11.1-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-pathspec-0.11.1-150000.3.3.1.noarch",
"product_id": "saltbundlepy-pathspec-0.11.1-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pip-20.2.4-150000.3.9.1.noarch",
"product": {
"name": "saltbundlepy-pip-20.2.4-150000.3.9.1.noarch",
"product_id": "saltbundlepy-pip-20.2.4-150000.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pluggy-1.0.0-150000.3.9.3.noarch",
"product": {
"name": "saltbundlepy-pluggy-1.0.0-150000.3.9.3.noarch",
"product_id": "saltbundlepy-pluggy-1.0.0-150000.3.9.3.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-py-1.10.0-150000.3.12.3.noarch",
"product": {
"name": "saltbundlepy-py-1.10.0-150000.3.12.3.noarch",
"product_id": "saltbundlepy-py-1.10.0-150000.3.12.3.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pytest-7.3.2-150000.3.9.1.noarch",
"product": {
"name": "saltbundlepy-pytest-7.3.2-150000.3.9.1.noarch",
"product_id": "saltbundlepy-pytest-7.3.2-150000.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-setuptools-scm-7.1.0-150000.3.9.1.noarch",
"product": {
"name": "saltbundlepy-setuptools-scm-7.1.0-150000.3.9.1.noarch",
"product_id": "saltbundlepy-setuptools-scm-7.1.0-150000.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tomli-1.2.3-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-tomli-1.2.3-150000.3.3.1.noarch",
"product_id": "saltbundlepy-tomli-1.2.3-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-typing-extensions-4.5.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-typing-extensions-4.5.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-typing-extensions-4.5.0-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-wheel-0.40.0-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-wheel-0.40.0-150000.3.3.1.noarch",
"product_id": "saltbundlepy-wheel-0.40.0-150000.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-150000.3.9.1.ppc64le",
"product": {
"name": "saltbundle-swig-4.1.1-150000.3.9.1.ppc64le",
"product_id": "saltbundle-swig-4.1.1-150000.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.ppc64le",
"product": {
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.ppc64le",
"product_id": "saltbundle-swig-examples-4.1.1-150000.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.ppc64le",
"product": {
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.ppc64le",
"product_id": "saltbundlepy-cffi-1.15.1-150000.3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.ppc64le",
"product": {
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.ppc64le",
"product_id": "saltbundlepy-lxml-4.9.3-150000.3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.ppc64le",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.ppc64le",
"product_id": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"product": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"product_id": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-150000.3.9.1.s390x",
"product": {
"name": "saltbundle-swig-4.1.1-150000.3.9.1.s390x",
"product_id": "saltbundle-swig-4.1.1-150000.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.s390x",
"product": {
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.s390x",
"product_id": "saltbundle-swig-examples-4.1.1-150000.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.s390x",
"product": {
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.s390x",
"product_id": "saltbundlepy-cffi-1.15.1-150000.3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.s390x",
"product": {
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.s390x",
"product_id": "saltbundlepy-lxml-4.9.3-150000.3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.s390x",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.s390x",
"product_id": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-150000.3.48.2.s390x",
"product": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.s390x",
"product_id": "venv-salt-minion-3006.0-150000.3.48.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-150000.3.9.1.x86_64",
"product": {
"name": "saltbundle-swig-4.1.1-150000.3.9.1.x86_64",
"product_id": "saltbundle-swig-4.1.1-150000.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.x86_64",
"product": {
"name": "saltbundle-swig-examples-4.1.1-150000.3.9.1.x86_64",
"product_id": "saltbundle-swig-examples-4.1.1-150000.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.x86_64",
"product": {
"name": "saltbundlepy-cffi-1.15.1-150000.3.15.1.x86_64",
"product_id": "saltbundlepy-cffi-1.15.1-150000.3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.x86_64",
"product": {
"name": "saltbundlepy-lxml-4.9.3-150000.3.18.1.x86_64",
"product_id": "saltbundlepy-lxml-4.9.3-150000.3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.x86_64",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.x86_64",
"product_id": "saltbundlepy-lxml-devel-4.9.3-150000.3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"product": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"product_id": "venv-salt-minion-3006.0-150000.3.48.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 15",
"product": {
"name": "SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15"
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product": {
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-manager-tools-micro:5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy Module 4.3",
"product": {
"name": "SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.3",
"product": {
"name": "SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.s390x"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.s390x"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.aarch64 as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.s390x as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.s390x",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.x86_64 as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.aarch64 as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.s390x as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.48.2.x86_64 as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34049"
}
],
"notes": [
{
"category": "general",
"text": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34049",
"url": "https://www.suse.com/security/cve/CVE-2023-34049"
},
{
"category": "external",
"summary": "SUSE Bug 1215157 for CVE-2023-34049",
"url": "https://bugzilla.suse.com/1215157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.48.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-13T09:26:13Z",
"details": "important"
}
],
"title": "CVE-2023-34049"
}
]
}
SUSE-SU-2023:4757-1
Vulnerability from csaf_suse - Published: 2023-12-13 09:33 - Updated: 2023-12-13 09:33Summary
Security update for SUSE Manager Salt Bundle
Severity
Important
Notes
Title of the patch: Security update for SUSE Manager Salt Bundle
Description of the patch: This update fixes the following issues:
venv-salt-minion:
* Security fixes:
* CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157)
* Non security fixes:
* Add python dateutil module to the bundle
* Allow all primitive grain types for autosign_grains (bsc#1214477)
* Remove non-free RNG schema file (bsc#1213351)
Patchnames: SUSE-2023-4757,SUSE-EL-9-CLIENT-TOOLS-2023-4757
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.4 (High)
Affected products
Recommended
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-doc-4.1.1-1.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-appdirs-1.4.4-1.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-certifi-2018.1.18-1.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dateutil-2.8.1-1.3.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-editables-0.3-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-core-3.8.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-scm-1.7.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatchling-1.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-iniconfig-2.0.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-more-itertools-8.10.0-1.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-packaging-23.1-1.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pathspec-0.11.1-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pip-20.2.4-1.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pluggy-1.0.0-1.6.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-py-1.10.0-1.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pytest-7.3.2-1.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tomli-1.2.3-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-wheel-0.40.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Salt Bundle",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nvenv-salt-minion:\n\n * Security fixes:\n * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157)\n * Non security fixes:\n * Add python dateutil module to the bundle\n * Allow all primitive grain types for autosign_grains (bsc#1214477)\n * Remove non-free RNG schema file (bsc#1213351)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4757,SUSE-EL-9-CLIENT-TOOLS-2023-4757",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4757-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4757-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234757-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4757-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017369.html"
},
{
"category": "self",
"summary": "SUSE Bug 1213351",
"url": "https://bugzilla.suse.com/1213351"
},
{
"category": "self",
"summary": "SUSE Bug 1214477",
"url": "https://bugzilla.suse.com/1214477"
},
{
"category": "self",
"summary": "SUSE Bug 1215157",
"url": "https://bugzilla.suse.com/1215157"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34049 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34049/"
}
],
"title": "Security update for SUSE Manager Salt Bundle",
"tracking": {
"current_release_date": "2023-12-13T09:33:43Z",
"generator": {
"date": "2023-12-13T09:33:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4757-1",
"initial_release_date": "2023-12-13T09:33:43Z",
"revision_history": [
{
"date": "2023-12-13T09:33:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-1.9.1.aarch64",
"product": {
"name": "saltbundle-swig-4.1.1-1.9.1.aarch64",
"product_id": "saltbundle-swig-4.1.1-1.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-1.9.1.aarch64",
"product": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.aarch64",
"product_id": "saltbundle-swig-examples-4.1.1-1.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-1.9.1.aarch64",
"product": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.aarch64",
"product_id": "saltbundlepy-cffi-1.15.1-1.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-1.12.1.aarch64",
"product": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.aarch64",
"product_id": "saltbundlepy-lxml-4.9.3-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64",
"product_id": "saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-1.30.3.aarch64",
"product": {
"name": "venv-salt-minion-3006.0-1.30.3.aarch64",
"product_id": "venv-salt-minion-3006.0-1.30.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-doc-4.1.1-1.9.1.noarch",
"product": {
"name": "saltbundle-swig-doc-4.1.1-1.9.1.noarch",
"product_id": "saltbundle-swig-doc-4.1.1-1.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-appdirs-1.4.4-1.6.1.noarch",
"product": {
"name": "saltbundlepy-appdirs-1.4.4-1.6.1.noarch",
"product_id": "saltbundlepy-appdirs-1.4.4-1.6.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-certifi-2018.1.18-1.9.1.noarch",
"product": {
"name": "saltbundlepy-certifi-2018.1.18-1.9.1.noarch",
"product_id": "saltbundlepy-certifi-2018.1.18-1.9.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dateutil-2.8.1-1.3.4.noarch",
"product": {
"name": "saltbundlepy-dateutil-2.8.1-1.3.4.noarch",
"product_id": "saltbundlepy-dateutil-2.8.1-1.3.4.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-editables-0.3-1.3.1.noarch",
"product": {
"name": "saltbundlepy-editables-0.3-1.3.1.noarch",
"product_id": "saltbundlepy-editables-0.3-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch",
"product_id": "saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-flit-core-3.8.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-flit-core-3.8.0-1.3.1.noarch",
"product_id": "saltbundlepy-flit-core-3.8.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-flit-scm-1.7.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-flit-scm-1.7.0-1.3.1.noarch",
"product_id": "saltbundlepy-flit-scm-1.7.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch",
"product_id": "saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-hatchling-1.13.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-hatchling-1.13.0-1.3.1.noarch",
"product_id": "saltbundlepy-hatchling-1.13.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-iniconfig-2.0.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-iniconfig-2.0.0-1.3.1.noarch",
"product_id": "saltbundlepy-iniconfig-2.0.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch",
"product": {
"name": "saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch",
"product_id": "saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-more-itertools-8.10.0-1.6.1.noarch",
"product": {
"name": "saltbundlepy-more-itertools-8.10.0-1.6.1.noarch",
"product_id": "saltbundlepy-more-itertools-8.10.0-1.6.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-packaging-23.1-1.6.1.noarch",
"product": {
"name": "saltbundlepy-packaging-23.1-1.6.1.noarch",
"product_id": "saltbundlepy-packaging-23.1-1.6.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pathspec-0.11.1-1.3.1.noarch",
"product": {
"name": "saltbundlepy-pathspec-0.11.1-1.3.1.noarch",
"product_id": "saltbundlepy-pathspec-0.11.1-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pip-20.2.4-1.6.1.noarch",
"product": {
"name": "saltbundlepy-pip-20.2.4-1.6.1.noarch",
"product_id": "saltbundlepy-pip-20.2.4-1.6.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pluggy-1.0.0-1.6.4.noarch",
"product": {
"name": "saltbundlepy-pluggy-1.0.0-1.6.4.noarch",
"product_id": "saltbundlepy-pluggy-1.0.0-1.6.4.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-py-1.10.0-1.9.4.noarch",
"product": {
"name": "saltbundlepy-py-1.10.0-1.9.4.noarch",
"product_id": "saltbundlepy-py-1.10.0-1.9.4.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-pytest-7.3.2-1.6.1.noarch",
"product": {
"name": "saltbundlepy-pytest-7.3.2-1.6.1.noarch",
"product_id": "saltbundlepy-pytest-7.3.2-1.6.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch",
"product": {
"name": "saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch",
"product_id": "saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tomli-1.2.3-1.3.1.noarch",
"product": {
"name": "saltbundlepy-tomli-1.2.3-1.3.1.noarch",
"product_id": "saltbundlepy-tomli-1.2.3-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch",
"product_id": "saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-wheel-0.40.0-1.3.1.noarch",
"product": {
"name": "saltbundlepy-wheel-0.40.0-1.3.1.noarch",
"product_id": "saltbundlepy-wheel-0.40.0-1.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-1.9.1.ppc64le",
"product": {
"name": "saltbundle-swig-4.1.1-1.9.1.ppc64le",
"product_id": "saltbundle-swig-4.1.1-1.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-1.9.1.ppc64le",
"product": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.ppc64le",
"product_id": "saltbundle-swig-examples-4.1.1-1.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-1.9.1.ppc64le",
"product": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.ppc64le",
"product_id": "saltbundlepy-cffi-1.15.1-1.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-1.12.1.ppc64le",
"product": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.ppc64le",
"product_id": "saltbundlepy-lxml-4.9.3-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le",
"product_id": "saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-1.30.3.ppc64le",
"product": {
"name": "venv-salt-minion-3006.0-1.30.3.ppc64le",
"product_id": "venv-salt-minion-3006.0-1.30.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-1.9.1.s390x",
"product": {
"name": "saltbundle-swig-4.1.1-1.9.1.s390x",
"product_id": "saltbundle-swig-4.1.1-1.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-1.9.1.s390x",
"product": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.s390x",
"product_id": "saltbundle-swig-examples-4.1.1-1.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-1.9.1.s390x",
"product": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.s390x",
"product_id": "saltbundlepy-cffi-1.15.1-1.9.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-1.12.1.s390x",
"product": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.s390x",
"product_id": "saltbundlepy-lxml-4.9.3-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x",
"product_id": "saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-1.30.3.s390x",
"product": {
"name": "venv-salt-minion-3006.0-1.30.3.s390x",
"product_id": "venv-salt-minion-3006.0-1.30.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundle-swig-4.1.1-1.9.1.x86_64",
"product": {
"name": "saltbundle-swig-4.1.1-1.9.1.x86_64",
"product_id": "saltbundle-swig-4.1.1-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundle-swig-examples-4.1.1-1.9.1.x86_64",
"product": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.x86_64",
"product_id": "saltbundle-swig-examples-4.1.1-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cffi-1.15.1-1.9.1.x86_64",
"product": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.x86_64",
"product_id": "saltbundlepy-cffi-1.15.1-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-4.9.3-1.12.1.x86_64",
"product": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.x86_64",
"product_id": "saltbundlepy-lxml-4.9.3-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64",
"product": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64",
"product_id": "saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-1.30.3.x86_64",
"product": {
"name": "venv-salt-minion-3006.0-1.30.3.x86_64",
"product_id": "venv-salt-minion-3006.0-1.30.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE:EL-9:Update:Products:SaltBundle:Update",
"product": {
"name": "SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update"
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product": {
"name": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-4.1.1-1.9.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.aarch64"
},
"product_reference": "saltbundle-swig-4.1.1-1.9.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-4.1.1-1.9.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.ppc64le"
},
"product_reference": "saltbundle-swig-4.1.1-1.9.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-4.1.1-1.9.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.s390x"
},
"product_reference": "saltbundle-swig-4.1.1-1.9.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-4.1.1-1.9.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.x86_64"
},
"product_reference": "saltbundle-swig-4.1.1-1.9.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-doc-4.1.1-1.9.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-doc-4.1.1-1.9.1.noarch"
},
"product_reference": "saltbundle-swig-doc-4.1.1-1.9.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.aarch64"
},
"product_reference": "saltbundle-swig-examples-4.1.1-1.9.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.ppc64le"
},
"product_reference": "saltbundle-swig-examples-4.1.1-1.9.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.s390x"
},
"product_reference": "saltbundle-swig-examples-4.1.1-1.9.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundle-swig-examples-4.1.1-1.9.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.x86_64"
},
"product_reference": "saltbundle-swig-examples-4.1.1-1.9.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-appdirs-1.4.4-1.6.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-appdirs-1.4.4-1.6.1.noarch"
},
"product_reference": "saltbundlepy-appdirs-1.4.4-1.6.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-certifi-2018.1.18-1.9.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-certifi-2018.1.18-1.9.1.noarch"
},
"product_reference": "saltbundlepy-certifi-2018.1.18-1.9.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.aarch64"
},
"product_reference": "saltbundlepy-cffi-1.15.1-1.9.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.ppc64le"
},
"product_reference": "saltbundlepy-cffi-1.15.1-1.9.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.s390x"
},
"product_reference": "saltbundlepy-cffi-1.15.1-1.9.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-cffi-1.15.1-1.9.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.x86_64"
},
"product_reference": "saltbundlepy-cffi-1.15.1-1.9.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-dateutil-2.8.1-1.3.4.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dateutil-2.8.1-1.3.4.noarch"
},
"product_reference": "saltbundlepy-dateutil-2.8.1-1.3.4.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-editables-0.3-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-editables-0.3-1.3.1.noarch"
},
"product_reference": "saltbundlepy-editables-0.3-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-flit-core-3.8.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-core-3.8.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-flit-core-3.8.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-flit-scm-1.7.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-scm-1.7.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-flit-scm-1.7.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-hatchling-1.13.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatchling-1.13.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-hatchling-1.13.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-iniconfig-2.0.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-iniconfig-2.0.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-iniconfig-2.0.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.aarch64"
},
"product_reference": "saltbundlepy-lxml-4.9.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.ppc64le"
},
"product_reference": "saltbundlepy-lxml-4.9.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.s390x"
},
"product_reference": "saltbundlepy-lxml-4.9.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-4.9.3-1.12.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.x86_64"
},
"product_reference": "saltbundlepy-lxml-4.9.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64"
},
"product_reference": "saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le"
},
"product_reference": "saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x"
},
"product_reference": "saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64"
},
"product_reference": "saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch"
},
"product_reference": "saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-more-itertools-8.10.0-1.6.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-more-itertools-8.10.0-1.6.1.noarch"
},
"product_reference": "saltbundlepy-more-itertools-8.10.0-1.6.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-packaging-23.1-1.6.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-packaging-23.1-1.6.1.noarch"
},
"product_reference": "saltbundlepy-packaging-23.1-1.6.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-pathspec-0.11.1-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pathspec-0.11.1-1.3.1.noarch"
},
"product_reference": "saltbundlepy-pathspec-0.11.1-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-pip-20.2.4-1.6.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pip-20.2.4-1.6.1.noarch"
},
"product_reference": "saltbundlepy-pip-20.2.4-1.6.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-pluggy-1.0.0-1.6.4.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pluggy-1.0.0-1.6.4.noarch"
},
"product_reference": "saltbundlepy-pluggy-1.0.0-1.6.4.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-py-1.10.0-1.9.4.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-py-1.10.0-1.9.4.noarch"
},
"product_reference": "saltbundlepy-py-1.10.0-1.9.4.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-pytest-7.3.2-1.6.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pytest-7.3.2-1.6.1.noarch"
},
"product_reference": "saltbundlepy-pytest-7.3.2-1.6.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch"
},
"product_reference": "saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-tomli-1.2.3-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tomli-1.2.3-1.3.1.noarch"
},
"product_reference": "saltbundlepy-tomli-1.2.3-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-wheel-0.40.0-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-wheel-0.40.0-1.3.1.noarch"
},
"product_reference": "saltbundlepy-wheel-0.40.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.s390x"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.aarch64 as component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.ppc64le as component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.s390x as component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.s390x"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.30.3.x86_64 as component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-1.30.3.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34049"
}
],
"notes": [
{
"category": "general",
"text": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-doc-4.1.1-1.9.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-appdirs-1.4.4-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-certifi-2018.1.18-1.9.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dateutil-2.8.1-1.3.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-editables-0.3-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-core-3.8.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-scm-1.7.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatchling-1.13.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-iniconfig-2.0.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-more-itertools-8.10.0-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-packaging-23.1-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pathspec-0.11.1-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pip-20.2.4-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pluggy-1.0.0-1.6.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-py-1.10.0-1.9.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pytest-7.3.2-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tomli-1.2.3-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-wheel-0.40.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34049",
"url": "https://www.suse.com/security/cve/CVE-2023-34049"
},
{
"category": "external",
"summary": "SUSE Bug 1215157 for CVE-2023-34049",
"url": "https://bugzilla.suse.com/1215157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-doc-4.1.1-1.9.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-appdirs-1.4.4-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-certifi-2018.1.18-1.9.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dateutil-2.8.1-1.3.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-editables-0.3-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-core-3.8.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-scm-1.7.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatchling-1.13.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-iniconfig-2.0.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-more-itertools-8.10.0-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-packaging-23.1-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pathspec-0.11.1-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pip-20.2.4-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pluggy-1.0.0-1.6.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-py-1.10.0-1.9.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pytest-7.3.2-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tomli-1.2.3-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-wheel-0.40.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.30.3.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-4.1.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-doc-4.1.1-1.9.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundle-swig-examples-4.1.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-appdirs-1.4.4-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-certifi-2018.1.18-1.9.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cffi-1.15.1-1.9.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dateutil-2.8.1-1.3.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-editables-0.3-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-exceptiongroup-1.1.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-core-3.8.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-flit-scm-1.7.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatch-vcs-0.3.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-hatchling-1.13.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-iniconfig-2.0.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-4.9.3-1.12.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-devel-4.9.3-1.12.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-lxml-doc-4.9.3-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-more-itertools-8.10.0-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-packaging-23.1-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pathspec-0.11.1-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pip-20.2.4-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pluggy-1.0.0-1.6.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-py-1.10.0-1.9.4.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-pytest-7.3.2-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-scm-7.1.0-1.6.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tomli-1.2.3-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-typing-extensions-4.5.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-wheel-0.40.0-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.30.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-13T09:33:43Z",
"details": "important"
}
],
"title": "CVE-2023-34049"
}
]
}
WID-SEC-W-2023-2769
Vulnerability from csaf_certbund - Published: 2023-10-29 23:00 - Updated: 2024-12-08 23:00Summary
SaltStack Salt: Schwachstelle ermöglicht Codeausführung
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Salt bietet Infrastrukturverwaltung auf der Grundlage eines dynamischen Kommunikationsbusses.
Angriff: Ein lokaler Angreifer kann eine Schwachstelle in SaltStack Salt ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
Es besteht eine Schwachstelle in SaltStack Salt. Dieser Fehler besteht in der Salt-SSH Preflight-Option aufgrund eines vorhersehbaren Pfades, der es erlaubt, ein Skript in ein Preflight-Skript auf die Ziel-VM zu kopieren. Ein lokaler Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SaltStack Salt <3006.4
SaltStack / Salt
|
<3006.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
SaltStack Salt <3005.4
SaltStack / Salt
|
<3005.4 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
References
18 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Salt bietet Infrastrukturverwaltung auf der Grundlage eines dynamischen Kommunikationsbusses.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in SaltStack Salt ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2769 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2769.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2769 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2769"
},
{
"category": "external",
"summary": "Salt security advisory vom 2023-10-29",
"url": "https://saltproject.io/security-announcements/2023-10-27-advisory/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-747E8B0AB1 vom 2023-10-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-747e8b0ab1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-89E8F3EFC5 vom 2023-10-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-89e8f3efc5"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-3EDA7B85F5 vom 2023-10-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3eda7b85f5"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-A6699DF922 vom 2023-10-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-a6699df922"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4386-1 vom 2023-11-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017014.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4387-1 vom 2023-11-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017013.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-202311:15242-1 vom 2023-12-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017311.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4754-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017370.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4752-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017372.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4748-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017373.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4742-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017375.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4757-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017369.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4749-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017374.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4753-1 vom 2023-12-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017371.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202412-09 vom 2024-12-07",
"url": "https://security.gentoo.org/glsa/202412-09"
}
],
"source_lang": "en-US",
"title": "SaltStack Salt: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2024-12-08T23:00:00.000+00:00",
"generator": {
"date": "2024-12-09T09:21:38.743+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2023-2769",
"initial_release_date": "2023-10-29T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-29T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-10-30T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-11-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-12-13T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-12-14T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-12-08T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Gentoo aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3006.4",
"product": {
"name": "SaltStack Salt \u003c3006.4",
"product_id": "T030826"
}
},
{
"category": "product_version",
"name": "3006.4",
"product": {
"name": "SaltStack Salt 3006.4",
"product_id": "T030826-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:saltstack:salt:3006.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3005.4",
"product": {
"name": "SaltStack Salt \u003c3005.4",
"product_id": "T030827"
}
},
{
"category": "product_version",
"name": "3005.4",
"product": {
"name": "SaltStack Salt 3005.4",
"product_id": "T030827-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:saltstack:salt:3005.4"
}
}
}
],
"category": "product_name",
"name": "Salt"
}
],
"category": "vendor",
"name": "SaltStack"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34049",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in SaltStack Salt. Dieser Fehler besteht in der Salt-SSH Preflight-Option aufgrund eines vorhersehbaren Pfades, der es erlaubt, ein Skript in ein Preflight-Skript auf die Ziel-VM zu kopieren. Ein lokaler Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T002207",
"T030826",
"T012167",
"T030827",
"74185"
]
},
"release_date": "2023-10-29T23:00:00.000+00:00",
"title": "CVE-2023-34049"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…