Security update for salt SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:1897-1 Final 1 1 2016-07-28T09:06:34Z current 2016-07-28T09:06:34Z 2016-07-28T09:06:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for salt salt was updated to fix one security issue. This security issue was fixed: - CVE-2015-8034: Prevent saving state.sls cache data to disk with insecure permissions (bsc#957914). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-Storage-1.0-2016-1112 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20161897-1/ Link for SUSE-SU-2016:1897-1 https://lists.suse.com/pipermail/sle-security-updates/2016-July/002167.html E-Mail link for SUSE-SU-2016:1897-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/957914 SUSE Bug 957914 https://www.suse.com/security/cve/CVE-2015-8034/ SUSE CVE CVE-2015-8034 page SUSE Enterprise Storage 1.0 salt-2014.1.10-8.4 salt-master-2014.1.10-8.4 salt-minion-2014.1.10-8.4 salt-2014.1.10-8.4 as a component of SUSE Enterprise Storage 1.0 salt-master-2014.1.10-8.4 as a component of SUSE Enterprise Storage 1.0 salt-minion-2014.1.10-8.4 as a component of SUSE Enterprise Storage 1.0 The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. CVE-2015-8034 SUSE Enterprise Storage 1.0:salt-2014.1.10-8.4 SUSE Enterprise Storage 1.0:salt-master-2014.1.10-8.4 SUSE Enterprise Storage 1.0:salt-minion-2014.1.10-8.4 moderate 4.6 AV:L/AC:L/Au:S/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161897-1/ https://www.suse.com/security/cve/CVE-2015-8034.html CVE-2015-8034 https://bugzilla.suse.com/957914 SUSE Bug 957914