[USN-7181-1] Salt vulnerability
Hlib Korzhynskyy
hlib.korzhynskyy at canonical.com
Mon Jan 6 17:42:23 UTC 2025
==========================================================================
Ubuntu Security Notice USN-7181-1
January 06, 2025
salt vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Salt could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- salt: Infrastructure management built on a dynamic communication bus
Details:
It was discovered that Salt incorrectly handled web requests when the SSH
client was enabled. An attacker could possibly use this issue to achieve
remote code execution or obtain sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
salt-common 0.17.5+ds-1ubuntu0.1~esm4
Available with Ubuntu Pro
salt-master 0.17.5+ds-1ubuntu0.1~esm4
Available with Ubuntu Pro
salt-minion 0.17.5+ds-1ubuntu0.1~esm4
Available with Ubuntu Pro
salt-ssh 0.17.5+ds-1ubuntu0.1~esm4
Available with Ubuntu Pro
salt-syndic 0.17.5+ds-1ubuntu0.1~esm4
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7181-1
CVE-2020-16846
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250106/80bb7607/attachment.sig>
More information about the ubuntu-security-announce
mailing list