Security: Execution of arbitrary commands in Salt
Name: Execution of arbitrary commands in Salt
ID: USN-7181-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS
Date: Mon, 6 January 2025, 23:13
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16846
Applications: Salt

Original message

From: Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <d0197b97-76e6-432d-93b9-4b077613ed6a@canonical.com>
Subject: [USN-7181-1] Salt vulnerability

==========================================================================
Ubuntu Security Notice USN-7181-1
January 06, 2025

salt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Salt could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- salt: Infrastructure management built on a dynamic communication bus

Details:

It was discovered that Salt incorrectly handled web requests when the SSH
client was enabled. An attacker could possibly use this issue to achieve
remote code execution or obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  salt-common                     0.17.5+ds-1ubuntu0.1~esm4
                                  Available with Ubuntu Pro
  salt-master                     0.17.5+ds-1ubuntu0.1~esm4
                                  Available with Ubuntu Pro
  salt-minion                     0.17.5+ds-1ubuntu0.1~esm4
                                  Available with Ubuntu Pro
  salt-ssh                        0.17.5+ds-1ubuntu0.1~esm4
                                  Available with Ubuntu Pro
  salt-syndic                     0.17.5+ds-1ubuntu0.1~esm4
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7181-1
  CVE-2020-16846
