it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 4837-1] salt security update
- Date: Sun, 24 Jan 2021 15:29:40 +0000
- List-archive: https://lists.debian.org/msgid-search/E1l3hKe-0003uj-Vg AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=nZxEAZc/h14lCPWJm3ANdXKUQNzoKiEW8N6xMDTm8Bk=; b=Zp EmHl0AZPxljFTYfVHWy1SBlkHDr9SUIPZj3aq2oydgHrvtDz5XdzUmiSmUPZ9WnqAetWIPF3BgMgI qaX2Wjsco5v52Ekj95I+rH26WhqcTipjuKl9Th3utXpfL+ug8GufWzKYDP+c9GsrrljyO7pjV9j+/ WdbRZ/YBAILBY8tlpjIPvdlMpKZ+zb0amAnmpxYT/u3EQhESVLVzIwd2hBKdXlN8ZBLhlf8OjS+Gu fBV78xRO5sWxnhzgPlhXOE38+JPsc58wM2aB8xUL1qtqCRr8YUPnI2sa5W30W0lRddXje8V9b1UP3 S9szXbHuxJ1gFH9MlgXdkPJ3MO4toQPw==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Sun, 24 Jan 2021 15:29:56 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <-9mN28fJZTF.A.pgB.0JZDgB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4837-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 24, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : salt
CVE ID : CVE-2020-16846 CVE-2020-17490 CVE-2020-25592
Several vulnerabilities were discovered in salt, a powerful remote
execution manager. The flaws could result in authentication bypass and
invocation of Salt SSH, creation of certificates with weak file
permissions via the TLS execution module or shell injections with the
Salt API using the SSH client.
For the stable distribution (buster), these problems have been fixed in
version 2018.3.4+dfsg1-6+deb10u2.
We recommend that you upgrade your salt packages.
For the detailed security status of salt please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/salt
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmANkXVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SBWRAAoHGD+OhrOH0ceSVeirl6qrIQua7L+70a4s2wh251K4pnE72fZl9Dt+IT
Idhc6YZhQ+Y0j3Bu+J2YE9NWUXsgaAN99tRUDe8vnbgjtPc3VHMk7LyfPc6PEaIl
jMWT2BeN6FbusuLk4Kwwqa+oZ8qxEKqnU7L+eHI/sX2UjUZt5hvMfTFESHayivUM
OXNH7/SdEL3V2nC/I8Vr0NwhrVE2sv/yKSyp5faawC+tBPhhzyM1Gnaka9yGxjq4
k/x5Vi2zoyTZziRss9WZ3st0Mbh+O/qKzIIQP+1SIqnIJXx/tXXgLIt95WiXu/lr
6+DsrndVrHfRgGUVELZnp3s00/ddEXanTJtJKwf9BnlPrLKp+kiQU3wPNrR4EGHa
yDjxf2e4vWJWqaC1H3u6MvfUpkG4WdTxXOi9Q5y3xEZfgKrs5AjIAXSGRILIV1Q9
UoPELoFzkLG1tTJ5LjMNl5N3CnsK8xeuuQ5Ljb1rH9c7EWXPma1XXg6SdorTz21h
eUs3X3teSagepPknitSAErYsEXCE/r7rgg1aqeWlleH/r8jYid4eEWGJP+8lrv7b
Scl1oEMg6rqLfLC7VKqGJdrFRKNWpRdlw4YRe1qed/lyAL/mrMq60r61FWA5NhFs
lmxgdTLSK5vSROCxXLYhg6WmkFtLO4IcufQbzTIaaGnQqbG3xI8=
=1Rmw
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 4837-1] salt security update, Salvatore Bonaccorso, 24.01.2021
Archiv bereitgestellt durch MHonArc 2.6.24.