drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Salt
Name: |
Ausführen beliebiger Kommandos in Salt |
|
ID: |
USN-7181-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS |
|
Datum: |
Mo, 6. Januar 2025, 23:13 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16846 |
|
Applikationen: |
Salt |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5656525306051667253== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------2m2mqea5tDBX0WuaL8CaJicl"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------2m2mqea5tDBX0WuaL8CaJicl Content-Type: multipart/mixed; boundary="------------CsF6NjEvp5SQEMkB2adwaiBA"; protected-headers="v1" From: Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Reply-To: security@ubuntu.com To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <d0197b97-76e6-432d-93b9-4b077613ed6a@canonical.com> Subject: [USN-7181-1] Salt vulnerability
--------------CsF6NjEvp5SQEMkB2adwaiBA Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-7181-1 January 06, 2025
salt vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Salt could be made to crash or run programs if it received specially crafted network traffic.
Software Description: - salt: Infrastructure management built on a dynamic communication bus
Details:
It was discovered that Salt incorrectly handled web requests when the SSH client was enabled. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS salt-common 0.17.5+ds-1ubuntu0.1~esm4 Available with Ubuntu Pro salt-master 0.17.5+ds-1ubuntu0.1~esm4 Available with Ubuntu Pro salt-minion 0.17.5+ds-1ubuntu0.1~esm4 Available with Ubuntu Pro salt-ssh 0.17.5+ds-1ubuntu0.1~esm4 Available with Ubuntu Pro salt-syndic 0.17.5+ds-1ubuntu0.1~esm4 Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-7181-1 CVE-2020-16846
--------------CsF6NjEvp5SQEMkB2adwaiBA--
--------------2m2mqea5tDBX0WuaL8CaJicl Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmd8Ff8FAwAAAAAACgkQyfW2m9Ldu6tj uQ//U7jcUE8kbcl9X+8oZ2DQoqxx9kZL/EC0gi285oAZ+0q/6x5Db0Qk2KDK2zi7iM6ogmLyes/c U+ZjDs06BA6MtOjJiOOS65nJkjc909ck5Ts6F7S32HmTCqnFG8YaGPsUgOyru5v1dz2xw+IuWwYw Z1JFwxtY0a9A8LAIqGWgViwETb3iL79KeJngodSg38g5F9It1DUxXEHkZEPwQ5PwTJ9PucfAqCGY SMzvuw/bXqeu4vGNcTMeegmkvoOppii+3hAJb53Pz/7fChhmco6TjL2XzAdkAf7zvXYyhm2zx8J/ pZmODlKxIdtDq9KZASKIOaPqn7YZxdGMw/uS4YMNitOXbNjAkW83yjHSeMaaK7b7BN+u3g5Kho+w cbNotig1PGmIkdMVUDRGs8HP+Ddv8LGhRpB96a+o/+LOLbTrIenjx8hezLYdLcr8UeLfjJASYNEr glaYetumbXo5BzEZKcEiiYVdBRSO2WavsTy9WyZ9/cxtokojxboDMu0uNDYXKKboCN3rP7gmTbZm kXrFewsPt4kH1T9LlLxJdl6OphlNNlCfUR/KYgOG8JablF02eCTZT9imjFafCz51wikMnSFX/dVN 4PJq/jouPGENEYCPkuK9HvCUoZLURQe1WtbIErMf9osUhaezCr9U+OFe/XHXM90xo836I2hZLutf Alo= =xI7/ -----END PGP SIGNATURE-----
--------------2m2mqea5tDBX0WuaL8CaJicl--
--===============5656525306051667253== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============5656525306051667253==--
|
|
|
|