Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2020:0564-1

Опубликовано: 30 апр. 2020
Источник: suse-cvrf

Описание

Security update for salt

This update for salt fixes the following issues:

  • Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595)

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Список пакетов

openSUSE Leap 15.1
python2-salt-2019.2.0-lp151.5.15.1
python3-salt-2019.2.0-lp151.5.15.1
salt-2019.2.0-lp151.5.15.1
salt-api-2019.2.0-lp151.5.15.1
salt-bash-completion-2019.2.0-lp151.5.15.1
salt-cloud-2019.2.0-lp151.5.15.1
salt-doc-2019.2.0-lp151.5.15.1
salt-fish-completion-2019.2.0-lp151.5.15.1
salt-master-2019.2.0-lp151.5.15.1
salt-minion-2019.2.0-lp151.5.15.1
salt-proxy-2019.2.0-lp151.5.15.1
salt-ssh-2019.2.0-lp151.5.15.1
salt-standalone-formulas-configuration-2019.2.0-lp151.5.15.1
salt-syndic-2019.2.0-lp151.5.15.1
salt-zsh-completion-2019.2.0-lp151.5.15.1

Ссылки

Описание

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

Затронутые продукты
openSUSE Leap 15.1:python2-salt-2019.2.0-lp151.5.15.1
openSUSE Leap 15.1:python3-salt-2019.2.0-lp151.5.15.1
openSUSE Leap 15.1:salt-2019.2.0-lp151.5.15.1
openSUSE Leap 15.1:salt-api-2019.2.0-lp151.5.15.1
Ссылки

Описание

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

Затронутые продукты
openSUSE Leap 15.1:python2-salt-2019.2.0-lp151.5.15.1
openSUSE Leap 15.1:python3-salt-2019.2.0-lp151.5.15.1
openSUSE Leap 15.1:salt-2019.2.0-lp151.5.15.1
openSUSE Leap 15.1:salt-api-2019.2.0-lp151.5.15.1
Ссылки