[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2294-1] salt security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2294-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 28, 2020                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : salt
Version        : 2016.11.2+ds-1+deb9u5
CVE ID         : CVE-2018-15750 CVE-2018-15751


Two issues have been found in salt, a remote manager to administer servers.

These issues are related to remote hackers bypassing authentication to execute arbitrary commands and getting informations about files on the server


For Debian 9 stretch, these problems have been fixed in version
2016.11.2+ds-1+deb9u5.

We recommend that you upgrade your salt packages.

For the detailed security status of salt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/salt

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl8gieRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEevIw//WoINA80vDyFnsxiCpJEU6ZE0K171amM17d8iQckBjW87Ys8WhX4A2Vo9
r6Edk5snB86SjseXrBhgfya3ER0VqVhozWhNacD3eeAaMUjLawzgg+AjMPxGeYN+
ng8O2I8vWxP0cmeylsg1hiWNmStNw16LpHLT+Gv6ZHj/FFX5C9dIwxg1JJqzrwcr
VRNCc/tlEmSQmtXgrfUwxF28BewJLpxNgHViC93HGXgAmhVK0+ALAloKYKVEM34o
pigYS55epdfZxLvtUJv+QD2xjMj4no6iQlRSDVPcwn2LjTO2V0m1JdtA1FXjwMRd
zQt65I7qVp2Nvgwr77+Yjvi+XoioLNyLJEiBDCuTleQhxBtLS0Cp8FCbEwyIGqhe
4gl1zXySisvqeu73NnpOgQcH1kAxjxA7WTc47JwBhOLYUmPXa4H8bQ22vkvq6LHh
mX48m11DiJty3xHJXvQEZ9MERK0AcLdtxNk6qv75SkC1NuYyXhvPet3rTMCokevn
YVAZb6jperKPwj++Yv2aGcC2tZflhluPprmdr2vnKqOUK34gAbn5si+kVC7YGAEa
GznDEetz2ArcBiqUI7KC6s+Zk6XkW+k4lV4UKaJUmWVztB9M3jJUYG/CUTmO33lx
x70xwVnsK4PLjcfyJOOkSA4MBmfLPN/rWzE3L2ILIAHxsT/jdNI=
=56eo
-----END PGP SIGNATURE-----


Reply to: