[kwlug-disc] Salt master. Was it updated after this spring fallout?
Paul Nijjar
paul_nijjar at yahoo.ca
Thu Aug 13 23:14:46 EDT 2020
Oh look what finally hit the package updates for bionic:
--- Changes for salt (salt-common salt-minion) ---
salt (2017.7.4+dfsg1-1ubuntu18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: Directory traversal vulnerabilities in salt-api
- debian/patches/CVE-2018-15750_15751.patch: Ensure that tokens are hex
to avoid hanging/errors.
- CVE-2018-15750
- CVE-2018-15751
* SECURITY UPDATE: Command injection vulnerabilities in salt-api and
salt-master caused by improper sanitized input.
- debian/patches/CVE-2019-17361.patch: various netapi fixes and tests.
- debian/patches/CVE-2020-11651_11652_1.patch: Checks and sanitization.
- debian/patches/CVE-2020-11651_11652_2.patch: Adding in missing fixes.
- CVE-2019-17361
- CVE-2020-11651
- CVE-2020-11652
-- Paulo Flabiano Smorigo <pfsmorigo at canonical.com> Wed, 05 Aug 2020
19:59:01 +0000
--
Events: https://feeds.off-topic.kwlug.org
Blog: http://pnijjar.freeshell.org
More information about the kwlug-disc
mailing list