Download
| Alert*
oval:org.secpod.oval:def:604837
Several vulnerabilities were discovered in salt, a powerful remote execution manager, which could result in retrieve of user tokens from the salt master, execution of arbitrary commands on salt minions, arbitrary directory access to authenticated users or arbitrary code execution on salt-api hosts. oval:org.secpod.oval:def:63520 Several vulnerabilities were discovered in salt-master, a powerful remote execution manager, which could result in retrieve of user tokens from the salt-master master, execution of arbitrary commands on salt-master minions, arbitrary directory access to authenticated users or arbitrary code executio ... oval:org.secpod.oval:def:63523 The update for salt-master for the oldstable distribution released as DSA 4676-1 contained an incomplete fix to address CVE-2020-11651 and CVE-2020-11652. Updated salt-master packages are now available to correct this issue. For reference, the original advisory text follows. Several vulnerabilities ... oval:org.secpod.oval:def:89000629 This update for salt fixes the following issues: - Fix CVE-2020-11651 and CVE-2020-11652 oval:org.secpod.oval:def:67073 salt: Infrastructure management built on a dynamic communication bus Several security issues were fixed in Salt. oval:org.secpod.oval:def:62942 The host is installed with SaltStack Salt before 2019.2.4 or 3000.x before 3000.2 and is prone to an authentication vulnerability. A flaw exists exists within the application, which fails to properly handle an issue in the ClearFuncs class. Successful exploitation could allow remote attackers to gai ... oval:org.secpod.oval:def:89045070 This update for salt fixes the following issues: Update to Salt release version 3002.2 - Check if dpkgnotify is executable - Drop support for Python2. Obsoletes `python2-salt` package - virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devi ... oval:org.secpod.oval:def:89050400 This update for salt fixes the following issues: - Fix CVE-2020-11651 and CVE-2020-11652 oval:org.secpod.oval:def:89043929 This update fixes the following issues: salt: - Fix for TypeError in Tornado importer - Require python3-distro only for TW - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module - Add publish_batch to ClearFuncs exposed methods - Update to salt version 3000 See r ... oval:org.secpod.oval:def:705581 salt: Infrastructure management built on a dynamic communication bus Several security issues were fixed in Salt. oval:org.secpod.oval:def:62936 The host is installed with SaltStack Salt before 2019.2.4 and 3000 before 3000.2 and is prone to an authentication bypass vulnerability. A flaw is present in the application, which fails to handle method calls validation. Successful exploitation allows an attacker to retrieve user tokens from the sa ... oval:org.secpod.oval:def:62933 The host is installed with SaltStack Salt before 2019.2.4 or 3000 before 3000.2 and is prone to an authentication bypass vulnerability. A flaw is present in the application, which fails to properly validate method calls in the salt-master process ClearFuncs class. Successful exploitation allows remo ... oval:org.secpod.oval:def:604840 The update for salt-master for the oldstable distribution released as DSA 4676-1 contained an incomplete fix to address CVE-2020-11651 and CVE-2020-11652. Updated salt-master packages are now available to correct this issue. For reference, the original advisory text follows. Several vulnerabilities ... oval:org.secpod.oval:def:89047235 This update for salt fixes the following issues: Update to Salt release version 3002.2 - Check if dpkgnotify is executable - Drop support for Python2. Obsoletes `python2-salt` package - virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devi ... oval:org.secpod.oval:def:62930 The host is installed with SaltStack Salt before 2019.2.4 or 3000 before 3000.2 and is prone to an authentication bypass vulnerability. A flaw is present in the application, which fails to properly validate method calls in the salt-master process ClearFuncs class. Successful exploitation allows remo ... oval:org.secpod.oval:def:89050337 This update for salt contains the following fixes: - Fix for TypeError in Tornado importer - Require python3-distro only for TW - Update to Salt version 3000: See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Add docker.logout to docker execution module. - Add op ... |