openSUSE-SU-2021:3557-1

Опубликовано: 27 окт. 2021

Источник: suse-cvrf

Описание

Security update for salt

This update for salt fixes the following issues:

CVE-2021-21996: Exclude the full path of a download URL to prevent injection of malicious code. (bsc#1190265)

Список пакетов

openSUSE Leap 15.3

python3-salt-3002.2-50.1.15.1

salt-3002.2-50.1.15.1

salt-api-3002.2-50.1.15.1

salt-bash-completion-3002.2-50.1.15.1

salt-cloud-3002.2-50.1.15.1

salt-doc-3002.2-50.1.15.1

salt-fish-completion-3002.2-50.1.15.1

salt-master-3002.2-50.1.15.1

salt-minion-3002.2-50.1.15.1

salt-proxy-3002.2-50.1.15.1

salt-ssh-3002.2-50.1.15.1

salt-standalone-formulas-configuration-3002.2-50.1.15.1

salt-syndic-3002.2-50.1.15.1

salt-transactional-update-3002.2-50.1.15.1

salt-zsh-completion-3002.2-50.1.15.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/R7B4SF25YMDBZ6THNOFMFVVX33VAXGND/
E-Mail link for openSUSE-SU-2021:3557-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1190265
SUSE Bug 1190265
https://www.suse.com/security/cve/CVE-2021-21996/
SUSE CVE CVE-2021-21996 page

Описание

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

Затронутые продукты

openSUSE Leap 15.3:python3-salt-3002.2-50.1.15.1

openSUSE Leap 15.3:salt-3002.2-50.1.15.1

openSUSE Leap 15.3:salt-api-3002.2-50.1.15.1

openSUSE Leap 15.3:salt-bash-completion-3002.2-50.1.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-21996.html
CVE-2021-21996
https://bugzilla.suse.com/1190265
SUSE Bug 1190265
https://bugzilla.suse.com/1210934
SUSE Bug 1210934

openSUSE-SU-2021:3557-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-21996

Описание

Затронутые продукты

Ссылки