SUSE-SU-2025:4447-1
Vulnerability Summary
Timeline
Description
Security update 5.1.1.1 for Multi-Linux Manager Salt Bundle This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257) - CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256) - Backport security fixes for vendored tornado * BDSA-2024-3438 * BDSA-2024-3439 * BDSA-2024-9026 - Other changes and bugs fixed: - Fixed TLS and x509 modules for OSes with older cryptography module - Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244) * Use external tornado on Python > 3.11 * Make tls and x509 to use python-cryptography * Remove usage of spwd - Fixed payload signature verification on Tumbleweed (bsc#1251776) - Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)
Affected Systems
- suse•venv-salt-minion&distro=SUSE Multi Linux Manager Tools SLE-15
< 3006.0-150002.5.6.1
- suse•venv-salt-minion&distro=SUSE Multi Linux Manager Tools SLE-Micro-5
< 3006.0-150002.5.6.1
References (10)
- https://www.suse.com/support/update/announcement/2025/suse-su-20254447-1/
- https://bugzilla.suse.com/1227207
- https://bugzilla.suse.com/1250520
- https://bugzilla.suse.com/1251776
- https://bugzilla.suse.com/1252244
- https://bugzilla.suse.com/1252285
- https://bugzilla.suse.com/1254256
- https://bugzilla.suse.com/1254257
- https://www.suse.com/security/cve/CVE-2025-62348
- https://www.suse.com/security/cve/CVE-2025-62349