SUSE SLES15 Security Update : salt (SUSE-SU-2025:02534-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02534-1 advisory. – Security issues fixed: – CVE-2024-38822: Fixed Minion token validation (bsc#1244561) – CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564) – CVE-2024-38824: Fixed directory traversal vulnerability in recv_file method (bsc#1244565) – CVE-2024-38825: Fixed salt.auth.pki module authentication issue (bsc#1244566) – CVE-2025-22240: Fixed arbitrary directory creation or file deletion with GitFS (bsc#1244567) – CVE-2025-22236: Fixed Minion event bus authorization bypass (bsc#1244568) – CVE-2025-22241: Fixed the use of un-validated input in the VirtKey class (bsc#1244570) – CVE-2025-22237: Fixed exploitation of the 'on demand' pillar functionality (bsc#1244571) – CVE-2025-22238: Fixed the master's default cache vulnerability to a directory traversal attack (bsc#1244572) – CVE-2025-22239: Fixed the arbitrary event injection on the Salt Master (bsc#1244574) – CVE-2025-22242: Fixed a Denial of Service vulnerability through file read operation (bsc#1244575) – CVE-2025-47287: Fixed a Denial of Service vulnerability in Tornado logging behavior (bsc#1243268) – Other bugs fixed: – Added subsystem filter to udev.exportdb (bsc#1236621) – Fixed Ubuntu 24.04 test failures – Fixed refresh of osrelease and related grains on…Read More