Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

Ubuntu 14.04 LTS USN-6849-1: Risk of Remote Access in Salt Software

ubuntu
Calendar Grey June 25, 2024
Scroller Ubuntu
Multiple vulnerabilities addressed in Salt for Ubuntu 14.04 LTS under advisory USN-6849-1. Critical guidance for updates provided.
Several security issues were fixed in Salt.

Summary

Several security issues were fixed in Salt.

Software Description:

- salt: Infrastructure management built on a dynamic communication bus

Details:

It was discovered that Salt incorrectly validated method calls and

sanitized paths. A remote attacker could possibly use this issue to access

some methods without authentication. (CVE-2020-11651, CVE-2020-11652)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
   salt-common                     0.17.5+ds-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro
   salt-master                     0.17.5+ds-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro
   salt-minion                     0.17.5+ds-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro

After a standard system update you need to restart Salt to make all the
necessary changes.

References

  https://ubuntu.com/security/notices/USN-6849-1

  CVE-2020-11651, CVE-2020-11652

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6849-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.