exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 4676-2

Debian Security Advisory 4676-2
Posted May 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4676-2 - The update for salt for the oldstable distribution (stretch) released as DSA 4676-1 contained an incomplete fix to address CVE-2020-11651 and CVE-2020-11652. Updated salt packages are now available to correct this issue. For reference, the original advisory text follows.

tags | advisory
systems | linux, debian
advisories | CVE-2020-11651, CVE-2020-11652
SHA-256 | 796842d23e3e132487d82a2497387a92aa2770d53d6f95db179b90ce2981e9ee

Debian Security Advisory 4676-2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4676-2 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 07, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : salt
CVE ID : CVE-2020-11651 CVE-2020-11652
Debian Bug : 959684

The update for salt for the oldstable distribution (stretch) released as
DSA 4676-1 contained an incomplete fix to address CVE-2020-11651 and
CVE-2020-11652. Updated salt packages are now available to correct this
issue. For reference, the original advisory text follows.

Several vulnerabilities were discovered in salt, a powerful remote
execution manager, which could result in retrieve of user tokens from
the salt master, execution of arbitrary commands on salt minions,
arbitrary directory access to authenticated users or arbitrary code
execution on salt-api hosts.

For the oldstable distribution (stretch), these problems have been fixed
in version 2016.11.2+ds-1+deb9u4.

We recommend that you upgrade your salt packages.

For the detailed security status of salt please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/salt

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl60bGhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QRrRAAnqKJR7Yvq9kWfFinvL3wxS2NUBxiVUmXZmvywk/eZBxV8zkY8ldEF0XA
Hczkdcnq7oXaxMpIMRiTa3/ZhK9qfuDdpJQ8+wCYHXMrcn5WBOvNOPAv4hH4NNEr
gzRym6WRPWbT7z7LCaz0iVOfnxYy0fthOp2VSoHGqnnrHW4YPtbYDXVVuINH8EgR
pGQ+VnGaphW1Y77GvOmICvthrwKbghrDTyH4OnzTG4z2oSRPZX01NexhlqrZ+Gyi
+rJBRieZFCWZove9ytlrufp3DcGT4aW+LRDpyMrKpz2v9qW9z3k3O54VERqFZ6xQ
XMg2qjJc92M69rSKKdJ7XxqMv84pquQ4Hc8semvjoXFWpjt6mx2l6hdA64SdJSRx
rvBFIPDx0YzkimhN7P09rAJ+b1jz4H2NI2klDuuyR9e4C14VFPiR3SIb5KUEMgqU
fxrvUIOkejgvnU4esCs/7ekMqnl12j65fzFEvaoRm+Qw4WZqs1XsUR9YJABh+cts
fc+jWmZ2Cu+R5hmvjUmKwfwkQmoEOA2QaZPuhnsCfRqxAnYY0QsUbqWg4OjjlXi/
2Yi1lYxAxr0/7KGkjBvZzFiJkCjdvHFawHgV7uCRIT4hn6xx/cQj43EIIsGeV8ru
eW9UATIKHblDtVd55zvPsgs2BW7xmT5um4NaKSLQliw2ux5DvmI=
=sXua
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close