GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Mar 31, 2021 12:26 pm Post subject: [ GLSA 202103-01 ] Salt |
 |
|
Gentoo Linux Security Advisory
Title: Salt: Multiple vulnerabilities (GLSA 202103-01)
Severity: normal
Exploitable: local, remote
Date: 2021-03-31
Bug(s): #767919
ID: 202103-01
Synopsis
Multiple vulnerabilities have been found in Salt, the worst of
which could allow remote attacker to execute arbitrary commands.
Background
Salt is a fast, intelligent and scalable automation engine.
Affected Packages
Package: app-admin/salt
Vulnerable: < 3000.8
Unaffected: >= 3000.8
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Salt. Please review the
CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary commands via
salt-api, cause a Denial of Service condition, bypass access restrictions
or disclose sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Salt users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/salt-3000.8"
|
References
CVE-2020-28243
CVE-2020-28972
CVE-2020-35662
CVE-2021-25281
CVE-2021-25282
CVE-2021-25283
CVE-2021-25284
CVE-2021-3144
CVE-2021-3148
CVE-2021-3197 |
|
News & Announcements
