it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4676-1] salt security update

From: Salvatore Bonaccorso <carnil AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 4676-1] salt security update
Date: Wed, 06 May 2020 04:15:33 +0000
List-archive: https://lists.debian.org/msgid-search/E1jWBT3-0001kZ-G9 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=hsbjTBy2X0mQ26T+4O6ap6o7ibxQ0VEMMQYgmFa6Deo=; b=fr 5bWnG5jM1u/aZQtzS7mnR6EGSfQwWx2xDF+DSCzoZDf9vxvw8iVW6yEpROyII4epvaaR4I8swLgC0 YmyS1bJ0hmcUaZNBtuey/K3j5uxZJ+3IanWDNpcf6cwflTPdDv7LviydXeZuJPXqjl09lzBudEQIF 8ohq3TT8nD6wVwqO96qStEk0rBFAmrQmNL81WWsm79elwU9pP76kPoaTriCZIFXcXUlxAjvv8TzgJ ajHtY9G6b5yhG6P3duig/EVP3g59H1vcwmSUKFSYkFI+VznaeIr4NtZc1P+C9SKzXCxhon2JPu54h sltbbk3j1xVaBd1VfsWVB2altsI+W1aw==;
Old-return-path: <carnil AT seger.debian.org>
Priority: urgent
Resent-date: Wed, 6 May 2020 04:15:52 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <NvhgRQ653_B.A.bOE.4njseB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4676-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 06, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : salt
CVE ID : CVE-2019-17361 CVE-2020-11651 CVE-2020-11652
Debian Bug : 949222 959684

Several vulnerabilities were discovered in salt, a powerful remote
execution manager, which could result in retrieve of user tokens from
the salt master, execution of arbitrary commands on salt minions,
arbitrary directory access to authenticated users or arbitrary code
execution on salt-api hosts.

For the oldstable distribution (stretch), these problems have been fixed
in version 2016.11.2+ds-1+deb9u3.

For the stable distribution (buster), these problems have been fixed in
version 2018.3.4+dfsg1-6+deb10u1.

We recommend that you upgrade your salt packages.

For the detailed security status of salt please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/salt

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6yOchfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0T6gA//Vq+UdvaEoeTsqMoVzAoeqyw57q2pygxeDGS62n2fWFs5Y9I13qyW/45g
9dWJJunNWskkYBATLdfIO7tSx9B/9kQucRcL81zJ3WLiu5cKiQjLEGjrx6gq7gwU
9WQuoq/M6W9scuGYGemzM1tMGnA0lrDwYm1hb2CXb8BXhtEz0Xapkozi7ZOpuL+J
eQwU3jn50Hvh9lF3fHLJstaSzy8aS0arYfFYvq+hevjP8MmVyyqve1WZLrLLp1Th
lgwxqsDjqzWXKgyf4+gG0f1hi76qSbHFtHNOzBNW0kwNKKJdp8VXBD9n5z04PGKF
5kT2eQl4FeYR8Mae9zOZf9gDVtATFVP8bAYH6LU9TXmEA5DbA8QoYDWYfmF6YRW2
tJqIWh61n61ZRcvokuEdDXYdx1qBA/tBCdhwi+XYJxT2mdkXdATNCqekKlWtuLZO
KbneoiHav4U2QiLkaMv0YfVzDucHMMfvzCrOGUFwEJgUGDCLP6UWZ5utagw017X8
Br4WmeRX59kDOJHX/q985Z51Byf+fmEwT88paFaCHAVKTvAaCS7d9Uw3AsScBw0W
lv8BQ8X1865QFYZQnPcipUD5iRc9PK6ZUScYlHzhjSUNzwOQ30HMVsmNdBvgGxsH
HEmtB6jyCNW2KofY8jm9Aw4ZbOGO5XaYTkUq0Kz4A5a91BbrQqY=
=go+8
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 4676-1] salt security update, Salvatore Bonaccorso, 06.05.2020

Archiv bereitgestellt durch MHonArc 2.6.19.