Lucene search
SuseOPENSUSE-SU-2021:2106-1HistoryJul 11, 2021 - 12:00 a.m.
Security update for salt (critical)
2021-07-1100:00:00
lists.opensuse.org
24
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
An update that solves 7 vulnerabilities, contains three
features and has three fixes is now available.
Description:
This update for salt fixes the following issues:
Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033,
jsc#SLE-18028)
- Check if dpkgnotify is executable (bsc#1186674)
- Drop support for Python2. Obsoletes
python2-saltpackage
(jsc#SLE-18028) - virt module updates
- network: handle missing ipv4 netmask attribute
- more network support
- PCI/USB host devices passthrough support
- Set distro requirement to oldest supported version in
requirements/base.txt - Bring missing part of async batch implementation back (CVE-2021-25315,
bsc#1182382) - Always require
python3-distro(bsc#1182293) - Remove deprecated warning that breaks minion execution when
βserver_id_use_crcβ opts is missing - Fix pkg states when DEB package has βallβ arch
- Do not force beacons configuration to be a list.
- Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
- msgpack support for version >= 1.0.0 (bsc#1171257)
- Fix issue parsing errors in ansiblegate state module
- Prevent command injection in the snapper module (bsc#1185281,
CVE-2021-31607) - transactional_update: detect recursion in the executor
- Add subpackage salt-transactional-update (jsc#SLE-18033)
- Improvements on βansiblegateβ module (bsc#1185092):
- New methods: ansible.targets / ansible.discover_playbooks
- Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
- Regression fix of salt-ssh on processing targets
- Update target fix for salt-ssh and avoiding race condition on salt-ssh
event processing (bsc#1179831, bsc#1182281) - Add notify beacon for Debian/Ubuntu systems
- Fix zmq bug that causes salt-call to freeze (bsc#1181368)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or βzypper patchβ.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2106=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.3 | noarch | <Β - openSUSE Leap 15.3 (noarch): | - openSUSE Leap 15.3 (noarch):.noarch.rpm |
Related
nessus
nessus
openSUSE 15 Security Update : salt (openSUSE-SU-2021:2106-1)
2021-07-16 00:00:00
openSUSE 15 Security Update : salt (openSUSE-SU-2021:0899-1)
2021-06-28 00:00:00
openSUSE Security Update : salt (openSUSE-2020-1074)
2020-07-28 00:00:00
suse
suse
Security update for salt (critical)
2021-06-23 00:00:00
Security update for salt (moderate)
2020-07-26 00:00:00
Security update for salt (important)
2018-12-18 15:09:06
ubuntu
ubuntu
Salt vulnerabilities
2020-08-13 00:00:00
Salt vulnerabilities
2021-03-15 00:00:00
debian
debian
[SECURITY] [DLA 2294-1] salt security update
2020-07-28 20:26:12
[SECURITY] [DSA 4676-2] salt security update
2020-05-07 20:16:07
[SECURITY] [DSA 4676-2] salt security update
2020-05-07 20:16:07
openvas
openvas
openSUSE: Security Advisory for salt (openSUSE-SU-2018:4174-1)
2018-12-19 00:00:00
openSUSE: Security Advisory for salt (openSUSE-SU-2018:4197-1)
2018-12-20 00:00:00
openSUSE: Security Advisory for salt (openSUSE-SU-2018:4174-1)
2018-12-19 00:00:00
freebsd
freebsd
salt -- multiple vulnerabilities
2018-10-24 00:00:00
salt -- multiple vulnerabilities in salt-master process
2020-04-30 00:00:00
salt -- multiple vulnerabilities
2020-11-06 00:00:00
osv
osv
salt - security update
2020-07-28 00:00:00
salt - security update
2020-05-07 00:00:00
salt - security update
2020-05-29 00:00:00
checkpoint_advisories
checkpoint_advisories
Saltstack Salt Authentication Bypass (CVE-2020-11651; CVE-2020-11652)
2020-05-05 00:00:00
zdt
zdt
SaltStack Salt Master/Minion Unauthenticated Remote Code Execution Exploit
2020-05-12 00:00:00
Saltstack 3000.1 Remote Code Execution Exploit
2020-05-07 00:00:00
Saltstack 3000.1 - Remote Code Execution Exploit
2020-05-04 00:00:00
githubexploit
githubexploit
Exploit for Missing Authentication for Critical Function in Saltstack Salt
2020-05-01 20:53:49
Exploit for Missing Authentication for Critical Function in Saltstack Salt
2020-11-30 09:23:23
Exploit for Missing Authentication for Critical Function in Saltstack Salt
2020-05-01 03:23:01
vmware
vmware
thn
thn
attackerkb
attackerkb
CVE-2020-11651
2020-04-30 00:00:00
CVE-2020-11652
2020-04-30 00:00:00
CVE-2020-16846 β SaltStack Unauthenticated Shell Injection
2020-11-06 00:00:00
cisa
cisa
SaltStack Patches Critical Vulnerabilities in Salt
2020-05-01 00:00:00
threatpost
threatpost
Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack
2020-05-04 19:23:41
Salt Bugs Allow Full RCE as Root on Cloud Servers
2020-04-30 20:54:50
Hackers Compromise Cisco Servers Via SaltStack Flaws
2020-05-28 20:51:25
metasploit
metasploit
SaltStack Salt Master Server Root Key Disclosure
2020-05-11 17:05:38
SaltStack Salt Master/Minion Unauthenticated RCE
2020-05-11 17:05:38
trendmicroblog
trendmicroblog
archlinux
archlinux
[ASA-202005-1] salt: multiple issues
2020-05-05 00:00:00
[ASA-202011-7] salt: multiple issues
2020-11-10 00:00:00
cisco
cisco
SaltStack FrameWork Vulnerabilities Affecting Cisco Products
2020-05-28 16:00:00
packetstorm
packetstorm
Saltstack 3000.1 Remote Code Execution
2020-05-05 00:00:00
SaltStack Salt Master/Minion Unauthenticated Remote Code Execution
2020-05-12 00:00:00
SaltStack Salt REST API Arbitrary Command Execution
2020-11-12 00:00:00
huawei
huawei
Security Advisory - Two Vulnerabilities in SaltStack Salt
2020-07-15 00:00:00
rapid7blog
rapid7blog
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
2020-11-10 14:22:33
Metasploit Wrap-Up
2020-11-13 19:08:01
photon
photon
Critical Photon OS Security Update - PHSA-2020-0091
2020-05-15 00:00:00
Critical Photon OS Security Update - PHSA-2020-3.0-0091
2020-05-15 00:00:00
prion
prion
Directory traversal
2018-10-24 22:29:00
Authentication flaw
2018-10-24 22:29:00
Authentication flaw
2020-11-06 08:15:00
debiancve
debiancve
ubuntucve
ubuntucve
cve
cve
redhatcve
redhatcve
alpinelinux
alpinelinux
veracode
veracode
Remote Code Execution (RCE)
2018-10-25 05:21:43
Arbitrary Directory Access
2020-05-04 04:38:10
Authentication Bypass
2021-04-29 12:14:32
fedora
fedora
[SECURITY] Fedora 33 Update: salt-3003-1.fc33
2021-04-28 02:45:07
[SECURITY] Fedora 33 Update: salt-3002.1-1.fc33
2020-11-06 01:15:59
[SECURITY] Fedora 31 Update: salt-3001.3-1.fc31
2020-11-07 00:23:23
cisa_kev
cisa_kev
SaltStack Salt Authentication Bypass Vulnerability
2021-11-03 00:00:00
SaltStack Salt Path Traversal Vulnerability
2021-11-03 00:00:00
github
github
Command Injection in SaltStack Salt
2022-05-24 17:48:21
gentoo
gentoo
Salt: Multiple vulnerabilities
2020-11-11 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related for OPENSUSE-SU-2021:2106-1