SUSE: OPENSUSE-SU-2020:1833-1
Nov 05, 2020 - 12:00 a.m.

Security update for salt (critical)

2020-11-05 00:00:00
lists.opensuse.org

CVSS3: 9.8 High

  Attack Vector:          NETWORK
  Attack Complexity:      LOW
  Privileges Required:    NONE
  User Interaction:       NONE
  Scope:                  UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact:       HIGH
  Availability Impact:    HIGH

  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

  Access Vector:          NETWORK
  Access Complexity:      LOW
  Authentication:         NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact:       PARTIAL
  Availability Impact:    PARTIAL

  AV:N/AC:L/Au:N/C:P/I:P/A:P

An update that solves three vulnerabilities and has 6 fixes
is now available.

Description:

This update for salt fixes the following issues:

  • Properly validate eauth credentials and tokens on SSH calls made by Salt
    API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592,
    CVE-2020-17490, CVE-2020-16846)
  • Fix disk.blkid to avoid unexpected keyword argument ‘__pub_user’.
    (bsc#1177867)
  • Ensure virt.update stop_on_reboot is updated with its default value.
  • Do not break package building for systemd OSes.
  • Drop wrong mock from chroot unit test.
  • Support systemd versions with dot. (bsc#1176294)
  • Fix for grains.test_core unit test.
  • Fix file/directory user and group ownership containing UTF-8 characters.
    (bsc#1176024)
  • Several changes to virtualization:
    • Fix virt update when cpu and memory are changed.
    • Memory Tuning GSoC.
    • Properly fix memory setting regression in virt.update.
    • Expose libvirt on_reboot in virt states.
  • Support transactional systems (MicroOS).
  • zypperpkg module ignores retcode 104 for search(). (bsc#1159670)
  • Xen disk fixes. No longer generates volumes for Xen disks, but the
    corresponding file or block disk. (bsc#1175987)
  • Invalidate file list cache when cache file modified time is in the
    future. (bsc#1176397)
  • Prevent import errors when running test_btrfs unit tests.

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2020-1833=1

OS             Version  Architecture
openSUSE Leap  15.2     x86_64
openSUSE Leap  15.2     noarch
