-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4676-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2020 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : salt CVE ID : CVE-2019-17361 CVE-2020-11651 CVE-2020-11652 Debian Bug : 949222 959684 Several vulnerabilities were discovered in salt, a powerful remote execution manager, which could result in retrieve of user tokens from the salt master, execution of arbitrary commands on salt minions, arbitrary directory access to authenticated users or arbitrary code execution on salt-api hosts. For the oldstable distribution (stretch), these problems have been fixed in version 2016.11.2+ds-1+deb9u3. For the stable distribution (buster), these problems have been fixed in version 2018.3.4+dfsg1-6+deb10u1. We recommend that you upgrade your salt packages. For the detailed security status of salt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/salt Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6yOchfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0T6gA//Vq+UdvaEoeTsqMoVzAoeqyw57q2pygxeDGS62n2fWFs5Y9I13qyW/45g 9dWJJunNWskkYBATLdfIO7tSx9B/9kQucRcL81zJ3WLiu5cKiQjLEGjrx6gq7gwU 9WQuoq/M6W9scuGYGemzM1tMGnA0lrDwYm1hb2CXb8BXhtEz0Xapkozi7ZOpuL+J eQwU3jn50Hvh9lF3fHLJstaSzy8aS0arYfFYvq+hevjP8MmVyyqve1WZLrLLp1Th lgwxqsDjqzWXKgyf4+gG0f1hi76qSbHFtHNOzBNW0kwNKKJdp8VXBD9n5z04PGKF 5kT2eQl4FeYR8Mae9zOZf9gDVtATFVP8bAYH6LU9TXmEA5DbA8QoYDWYfmF6YRW2 tJqIWh61n61ZRcvokuEdDXYdx1qBA/tBCdhwi+XYJxT2mdkXdATNCqekKlWtuLZO KbneoiHav4U2QiLkaMv0YfVzDucHMMfvzCrOGUFwEJgUGDCLP6UWZ5utagw017X8 Br4WmeRX59kDOJHX/q985Z51Byf+fmEwT88paFaCHAVKTvAaCS7d9Uw3AsScBw0W lv8BQ8X1865QFYZQnPcipUD5iRc9PK6ZUScYlHzhjSUNzwOQ30HMVsmNdBvgGxsH HEmtB6jyCNW2KofY8jm9Aw4ZbOGO5XaYTkUq0Kz4A5a91BbrQqY= =go+8 -----END PGP SIGNATURE-----