Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in salt
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in salt
ID: FEDORA-2021-5756fbf8a6
Distribution: Fedora
Plattformen: Fedora 33
Datum: Di, 2. März 2021, 20:37
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28972
Applikationen: Salt

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2021-5756fbf8a6
2021-03-02 15:54:53.504811
-------------------------------------------------------------------------------
-

Name : salt
Product : Fedora 33
Version : 3002.5
Release : 1.fc33
URL : http://saltstack.org/
Summary : A parallel remote execution system
Description :
Salt is a distributed remote execution system used to execute commands and
query data. It was developed in order to bring the best solutions found in
the world of remote execution together and make them better, faster and more
malleable. Salt accomplishes this via its ability to handle larger loads of
information, and not just dozens, but hundreds or even thousands of individual
servers, handle them quickly and through a simple and manageable interface.

-------------------------------------------------------------------------------
-
Update Information:

Update to CVE release 3002.5-1 for Python 3 Fixed on this release:
CVE-2021-25283 Fixed in 3002.3: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662
CVE-2021-3148 CVE-2021-3144 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283
CVE-2021-25284 CVE-2021-25284 CVE-2021-3197
-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Feb 26 2021 SaltStack Packaging Team <packaging@saltstack.com> -
3002.5-1
- Update to CVE release 3002.5-1 for Python 3
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1933324 - CVE-2021-3197 salt: Shell injection by including
ProxyCommand in an argument [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933324
[ 2 ] Bug #1933326 - CVE-2021-25281 salt: API does not honor eAuth
credentials for the wheel_async client [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933326
[ 3 ] Bug #1933329 - CVE-2021-25282 salt: Directory traversal in
wheel.pillar_roots.write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933329
[ 4 ] Bug #1933332 - CVE-2021-25283 salt: Jinja renderer does not protect
against server-side template injection attacks [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933332
[ 5 ] Bug #1933337 - CVE-2021-3148 salt: Command injection in
salt.utils.thin.gen_thin() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933337
[ 6 ] Bug #1933340 - CVE-2021-25284 salt: webutils write passwords in
cleartext to /var/log/salt/minion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933340
[ 7 ] Bug #1933343 - CVE-2020-35662 salt: Certain modules do not always
validated SSL certificates [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933343
[ 8 ] Bug #1933345 - CVE-2021-3144 salt: eauth tokens can be used once after
expiration [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933345
[ 9 ] Bug #1933348 - CVE-2020-28972 salt: Authentication to vCenter, vSphere,
and ESXi servers does not always validate the SSL/TLS certificate [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933348
[ 10 ] Bug #1933351 - CVE-2020-28243 salt: Privilege escalation on a minion
when an unprivileged user is able to create files in any non-blacklisted directory [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933351
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-5756fbf8a6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung