OPENSUSE-SU-2026:20412-1
Advisory lineage Upstream: 4 Downstream: 0
Published: 24 Mar 2026, 06:24
Last modified:29 Mar 2026, 17:24
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
24 Mar 2026, 06:24
Published
Vulnerability first disclosed
29 Mar 2026, 17:24
Last Modified
Vulnerability information updated
Description
Security update for salt This update for salt fixes the following issues: Changes in salt: - Security issues fixed: * CVE-2025-67724: fixed missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: fixed DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: fixed HTTP header parameter parsing algorithm (bsc#1254904) - Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325) - Use internal deb classes instead of external aptsource lib - Improved performance of wheel key.finger call (bsc#1240532) - Improved performance of utils.find_json function (bsc#1246130) - Extend warn_until period to 2027
Affected Systems
- opensuse•salt-test&distro=openSUSE Leap 16.0
< 3006.0-160000.4.1
- opensuse•salt&distro=openSUSE Leap 16.0
< 3006.0-160000.4.1
References (10)
- https://bugzilla.suse.com/1240532
- https://bugzilla.suse.com/1246130
- https://bugzilla.suse.com/1254325
- https://bugzilla.suse.com/1254903
- https://bugzilla.suse.com/1254904
- https://bugzilla.suse.com/1254905
- https://www.suse.com/security/cve/CVE-2025-13836
- https://www.suse.com/security/cve/CVE-2025-67724
- https://www.suse.com/security/cve/CVE-2025-67725
- https://www.suse.com/security/cve/CVE-2025-67726