OPENSUSE-SU-2026:20000-1

Advisory lineage Upstream: 2 Downstream: 0
Published: 23 Dec 2025, 09:11
Last modified:23 Mar 2026, 04:54

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

23 Dec 2025, 09:11
Published
Vulnerability first disclosed
23 Mar 2026, 04:54
Last Modified
Vulnerability information updated

Description

Security update for salt This update for salt fixes the following issues: Changes in salt: - Add minimum_auth_version to enforce security (CVE-2025-62349) - Backport security fixes for vendored tornado * BDSA-2024-3438 * BDSA-2024-3439 * BDSA-2024-9026 - Junos module yaml loader fix (CVE-2025-62348) - Require Python dependencies only for used Python version - Fix TLS and x509 modules for OSes with older cryptography module - Fix Salt for Python > 3.11 (bsc#1252285, bsc#1252244) - Fix payload signature verification on Tumbleweed (bsc#1251776) - Fix broken symlink on migration to Leap 16.0 (bsc#1250755) - Use versioned python interpreter for salt-ssh - Fix known_hosts error on gitfs (bsc#1250520, bsc#1227207) - Revert require M2Crypto >= 0.44.0 for SUSE Family distros - Improve SL Micro 6.2 detection with grains - Fix the tests failing on AlmaLinux 10 and other clones

Affected Systems

  • opensusesalt-test&distro=openSUSE Leap 16.0

    < 3006.0-160000.3.1

  • opensusesalt&distro=openSUSE Leap 16.0

    < 3006.0-160000.3.1

References (8)