Stay Secure with the Latest Linux Advisories

security advisorysecurity issuecritical

Fedora 39: FEDORA-2023-3eda7b85f5 Critical: Salt SSH Script Attack

Fix for CVE-2023-34049. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-3eda7b85f5 2023-11-08 01:25:18.668400 -------------------------------------------------------------------------------- Name : salt Product : Fedora 39 Version : 3006.4 Release : 1.fc39 URL : https://saltproject.io/ Summary : A parallel remote execution system Description : Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads of information, and not just dozens, but hundreds or even thousands of individual servers, handle them quickly and through a simple and manageable interface. -------------------------------------------------------------------------------- Update Information: Fix for CVE-2023-34049 -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 30 2023 Gwyn Ciesla - 3006.4-1 - 3006.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2246812 - salt-3006.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2246812 [ 2 ] Bug #2246982 - CVE-2023-34049 salt: allows an attacker to force Salt-SSH to run their script [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2246982 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-3eda7b85f5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the FedoraProject can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Significant Fedora 39 patch tackles CVE-2023-34049 flaw concerning the salt execution framework.. Fedora 39 Update,Salt Execution System,Critical Fix,CVE-2023-34049. . Severity: Critical. LinuxSecurity.com Team

Nov 08, 2023 •Critical Fedora