Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

SUSE: 2021:0631-1 Critical: Salt Security Issues Addressed

suse
Calendar Grey February 26, 2021
Dist Suse Esm H88
Important SUSE patch released for salt tackling 10 vulnerabilities and offering crucial enhancements. Maintain your security!
An update that solves 10 vulnerabilities and has two fixes is now available

Summary

This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow extra_filerefs as sanitized kwargs for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for grub.xen path - Xen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when efi=True Patch Instructions:

References

#1181550 #1181556 #1181557 #1181558 #1181559

#1181560 #1181561 #1181562 #1181563 #1181564

#1181565 #1182740

Cross- CVE-2020-28243 CVE-2020-28972 CVE-2020-35662

CVE-2021-25281 CVE-2021-25282 CVE-2021-25283

CVE-2021-25284 CVE-2021-3144 CVE-2021-3148

CVE-2021-3197

CVSS scores:

CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0631-1
Rating: critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.