Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

SUSE: 2021:0619-1 Critical: Salt Update For Multiple Threats

suse
Calendar Grey February 26, 2021
Dist Suse Esm H88
SUSE unveiled a vital update for salt, mitigating 10 security flaws. Check inside for specifics and guidance on applying patches.
An update that solves 10 vulnerabilities and has two fixes is now available

Summary

This update for salt fixes the following issues: - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for `grub.xen` path - Xen spicevmc, DNS SRV records backports: - Fix virtual network generated DNS XML for SRV records - Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when `efi=True` - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)

References

#1181550 #1181556 #1181557 #1181558 #1181559

#1181560 #1181561 #1181562 #1181563 #1181564

#1181565 #1182740

Cross- CVE-2020-28243 CVE-2020-28972 CVE-2020-35662

CVE-2021-25281 CVE-2021-25282 CVE-2021-25283

CVE-2021-25284 CVE-2021-3144 CVE-2021-3148

CVE-2021-3197

CVSS scores:

CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0619-1
Rating: critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.