Download
| Alert*
oval:org.secpod.oval:def:604837
Several vulnerabilities were discovered in salt, a powerful remote execution manager, which could result in retrieve of user tokens from the salt master, execution of arbitrary commands on salt minions, arbitrary directory access to authenticated users or arbitrary code execution on salt-api hosts. oval:org.secpod.oval:def:63520 Several vulnerabilities were discovered in salt-master, a powerful remote execution manager, which could result in retrieve of user tokens from the salt-master master, execution of arbitrary commands on salt-master minions, arbitrary directory access to authenticated users or arbitrary code executio ... oval:org.secpod.oval:def:63523 The update for salt-master for the oldstable distribution released as DSA 4676-1 contained an incomplete fix to address CVE-2020-11651 and CVE-2020-11652. Updated salt-master packages are now available to correct this issue. For reference, the original advisory text follows. Several vulnerabilities ... oval:org.secpod.oval:def:89000629 This update for salt fixes the following issues: - Fix CVE-2020-11651 and CVE-2020-11652 oval:org.secpod.oval:def:67073 salt: Infrastructure management built on a dynamic communication bus Several security issues were fixed in Salt. oval:org.secpod.oval:def:62941 The host is installed with SaltStack Salt before 2019.2.4 and 3000 before 3000.2 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle path sanitizations. Successful exploitation allows arbitrary directory access to authenticated users. oval:org.secpod.oval:def:89045070 This update for salt fixes the following issues: Update to Salt release version 3002.2 - Check if dpkgnotify is executable - Drop support for Python2. Obsoletes `python2-salt` package - virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devi ... oval:org.secpod.oval:def:89050400 This update for salt fixes the following issues: - Fix CVE-2020-11651 and CVE-2020-11652 oval:org.secpod.oval:def:89043929 This update fixes the following issues: salt: - Fix for TypeError in Tornado importer - Require python3-distro only for TW - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module - Add publish_batch to ClearFuncs exposed methods - Update to salt version 3000 See r ... oval:org.secpod.oval:def:705581 salt: Infrastructure management built on a dynamic communication bus Several security issues were fixed in Salt. oval:org.secpod.oval:def:62935 The host is installed with SaltStack Salt before 2019.2.4 or 3000 before 3000.2 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to properly sanitize paths in the salt-master process ClearFuncs class. Successful exploitation allows attackers to p ... oval:org.secpod.oval:def:604840 The update for salt-master for the oldstable distribution released as DSA 4676-1 contained an incomplete fix to address CVE-2020-11651 and CVE-2020-11652. Updated salt-master packages are now available to correct this issue. For reference, the original advisory text follows. Several vulnerabilities ... oval:org.secpod.oval:def:62932 The host is installed with SaltStack Salt before 2019.2.4 or 3000 before 3000.2 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to properly sanitize paths in the salt-master process ClearFuncs class. Successful exploitation allows attackers to p ... oval:org.secpod.oval:def:89047235 This update for salt fixes the following issues: Update to Salt release version 3002.2 - Check if dpkgnotify is executable - Drop support for Python2. Obsoletes `python2-salt` package - virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devi ... oval:org.secpod.oval:def:89050337 This update for salt contains the following fixes: - Fix for TypeError in Tornado importer - Require python3-distro only for TW - Update to Salt version 3000: See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Add docker.logout to docker execution module. - Add op ... oval:org.secpod.oval:def:62951 The host is installed with SaltStack Salt before 2019.2.4 or 3000.x before 3000.2 and is prone to a directory traversal vulnerability. A flaw exists exists within the application, which fails to properly handle an issue in the wheel module. Successful exploitation could allow remote attackers to rea ... |