Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Debian 9 Stretch DLA-2480-2: Moderate Salt Regression Issues Fixed

debian lts
Calendar Grey January 3, 2022
Dist Debian Esm H88
The latest Debian LTS Advisory DLA-2480-3 rectifies issues within salt, reinforcing the security of distributed command execution utilities.
Past security updates of Salt, a remote execution manager, introduced regressions for which follow-up fixes were published: CVE 2020-16846 regression
Topics%20covered

Topics Covered

security advisory moderate security issue debian fixes regression salt

Summary

CVE 2020-16846 regression

'salt-ssh' master key initialization fails

CVE 2021-3197 regression

Valid parameters are discarded for the SSHClient

CVE 2020-28243 follow-up

Prevent argument injection in restartcheck

CVE 2021-25282 regression

pillar_roots.write cannot write to subdirs
CVE 2021-25284 regression

The 'cmd.run' function crashes if passing tuple arg

For Debian 9 stretch, this problem has been fixed in version
2016.11.2+ds-1+deb9u10.

We recommend that you upgrade your salt packages.

For the detailed security status of salt please refer to
its security tracker page at:


Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Package: salt
Version: 2016.11.2+ds-1+deb9u10
CVE ID: CVE-2020-16846 CVE-2021-3197 CVE-2020-28243

Topics%20covered

Topics Covered

security advisory moderate security issue debian fixes regression salt

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here