oval:org.secpod.oval:def:106701 salt is installed
oval:org.secpod.oval:def:1800105 A flaw in minion id validation was found which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID containing characters that will cause a directory traversal. Fixed In Vers ...
oval:org.secpod.oval:def:1800106 salt is installed
oval:org.secpod.oval:def:1800853 A flaw in minion id validation was found which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID containing characters that will cause a directory traversal. Fixed In Vers ...
oval:org.secpod.oval:def:106050 Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads ...
oval:org.secpod.oval:def:110123 Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads ...
oval:org.secpod.oval:def:110015 Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads ...
oval:org.secpod.oval:def:89044943 This update for salt fixes one security issue and bugs. The following security issue has been fixed: - CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Additionally, the f ...
oval:org.secpod.oval:def:62934 salt subpackages are installed
oval:org.secpod.oval:def:62931 salt subpackages are installed (dpkg)
oval:org.secpod.oval:def:89048984 This update for salt fixes the following issues: * Update to Salt release version 3006.0 * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for salt * ...
oval:org.secpod.oval:def:89048985 This update for salt fixes the following issues: * Update to Salt release version 3006.0 * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for salt * ...
oval:org.secpod.oval:def:89048977 This update for salt fixes the following issues: salt: * Update to Salt release version 3006.0 * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for s ...
oval:org.secpod.oval:def:89049026 This update for salt fixes the following issues: salt: * Update to Salt release version 3006.0 * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for s ...
oval:org.secpod.oval:def:89050348 This update for salt fixes the following issues: - Avoid possible user escalation upgrading salt-master - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers ...
oval:org.secpod.oval:def:1800438 CVE-2017-5192: local_batch client external authentication not respected The `LocalClient.cmd_batch` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already-authenticated users and is o ...
oval:org.secpod.oval:def:89047725 This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM
oval:org.secpod.oval:def:89046744 This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM
oval:org.secpod.oval:def:3300469 SUSE Security Update: Security update for salt
oval:org.secpod.oval:def:89046727 This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM
oval:org.secpod.oval:def:89047413 This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass PAM authentication
oval:org.secpod.oval:def:89047497 This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. - CVE-2022-22936: Prevent job and fileserver replays - CVE-2022-22941: Fixed targeting bug, especially visible when using synd ...
oval:org.secpod.oval:def:89047277 This update for salt fixes the following issues: - CVE-2021-21996: Exclude the full path of a download URL to prevent injection of malicious code
oval:org.secpod.oval:def:119015 Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads ...
oval:org.secpod.oval:def:89000629 This update for salt fixes the following issues: - Fix CVE-2020-11651 and CVE-2020-11652
oval:org.secpod.oval:def:89050400 This update for salt fixes the following issues: - Fix CVE-2020-11651 and CVE-2020-11652
oval:org.secpod.oval:def:89047235 This update for salt fixes the following issues: Update to Salt release version 3002.2 - Check if dpkgnotify is executable - Drop support for Python2. Obsoletes `python2-salt` package - virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devi ...
oval:org.secpod.oval:def:89047151 This update for salt fixes the following issues: - Check if dpkgnotify is executable - Update to Salt release version 3002.2 - Drop support for Python2. Obsoletes `python2-salt` package - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module - tra ...
oval:org.secpod.oval:def:89050263 This update for salt fixes the following issues: - Avoid regression on "salt-master": set passphrase for salt-ssh keys to empty string - Properly validate eauth credentials and tokens on SSH calls made by Salt API - Fix disk.blkid to avoid unexpected keyword argument "__pub_user". - Ensure virt.u ...
oval:org.secpod.oval:def:89050461 This update for salt fixes the following issues: - Properly validate eauth credentials and tokens on SSH calls made by Salt API - Fix disk.blkid to avoid unexpected keyword argument "__pub_user". - Ensure virt.update stop_on_reboot is updated with its default value. - Do not break package building ...
oval:org.secpod.oval:def:119028 Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads ...
oval:org.secpod.oval:def:119021 Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads ...
oval:org.secpod.oval:def:62935 The host is installed with SaltStack Salt before 2019.2.4 or 3000 before 3000.2 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to properly sanitize paths in the salt-master process ClearFuncs class. Successful exploitation allows attackers to p ...
oval:org.secpod.oval:def:89049635 This update for salt fixes the following issues: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api. - CVE-2018-15751: Fixed remote authentication bypass in salt-api that allows to execute arbitrary commands. Non-security issues fixed: - Improved handling ...
oval:org.secpod.oval:def:62933 The host is installed with SaltStack Salt before 2019.2.4 or 3000 before 3000.2 and is prone to an authentication bypass vulnerability. A flaw is present in the application, which fails to properly validate method calls in the salt-master process ClearFuncs class. Successful exploitation allows remo ...
oval:org.secpod.oval:def:62932 The host is installed with SaltStack Salt before 2019.2.4 or 3000 before 3000.2 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to properly sanitize paths in the salt-master process ClearFuncs class. Successful exploitation allows attackers to p ...
oval:org.secpod.oval:def:62930 The host is installed with SaltStack Salt before 2019.2.4 or 3000 before 3000.2 and is prone to an authentication bypass vulnerability. A flaw is present in the application, which fails to properly validate method calls in the salt-master process ClearFuncs class. Successful exploitation allows remo ...
oval:org.secpod.oval:def:89050337 This update for salt contains the following fixes: - Fix for TypeError in Tornado importer - Require python3-distro only for TW - Update to Salt version 3000: See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Add docker.logout to docker execution module. - Add op ...
oval:org.secpod.oval:def:89049185 This update for salt fixes the following issues: Security fixes: * CVE-2023-28370: Fix an open redirect vulnerability in "StaticFileHandler" under certain configurations Bug fixes: * Prevent error loading "known_hosts" when "$HOME" is not set. * Fix ModuleNotFoundError and other issues raised by s ...
oval:org.secpod.oval:def:89049186 This update for salt fixes the following issues: Security fixes: * CVE-2023-28370: Fix an open redirect vulnerability in "StaticFileHandler" under certain configurations Bug fixes: * Prevent error loading "known_hosts" when "$HOME" is not set * Fix ModuleNotFoundError and other issues raised by sa ...
oval:org.secpod.oval:def:89049192 This update for salt fixes the following issues: Security fixes: * CVE-2023-28370: Fix an open redirect vulnerability in "StaticFileHandler" under certain configurations Bug fixes: * Prevent error loading "known_hosts" when "$HOME" is not set * Fix ModuleNotFoundError and other issues raised by sa ...
oval:org.secpod.oval:def:89049190 This update for salt fixes the following issues: Security fixes: * CVE-2023-28370: Fix an open redirect vulnerability in "StaticFileHandler" under certain configurations Bug fixes: * Prevent error loading "known_hosts" when "$HOME" is not set * Fix ModuleNotFoundError and other issues raised by sa ...
oval:org.secpod.oval:def:89049198 This update for salt fixes the following issues: Security fixes: * CVE-2023-28370: Fix an open redirect vulnerability in "StaticFileHandler" under certain configurations Bug fixes: * Prevent error loading "known_hosts" when "$HOME" is not set * Fix ModuleNotFoundError and other issues raised by sa ...
oval:org.secpod.oval:def:89049748 This update for salt fixes the following issues: Security issues fixed: * CVE-2023-20897: Fixed DOS in minion return. * CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. Bugs fixed: * Create minion_id with reproducible mtim ...
oval:org.secpod.oval:def:89049743 This update for salt fixes the following issues: Security issues fixed: * CVE-2023-20897: Fixed DOS in minion return. * CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. Bugs fixed: * Create minion_id with reproducible mtim ...
oval:org.secpod.oval:def:89049738 This update for salt fixes the following issues: Security issues fixed: * CVE-2023-20897: Fixed DOS in minion return. * CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. Bugs fixed: * Create minion_id with reproducible mtim ...
oval:org.secpod.oval:def:89049653 This update for salt fixes the following issues: Security issues fixed: * CVE-2023-20897: Fixed DOS in minion return. * CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. Bugs fixed: * Create minion_id with reproducible mtim ...
oval:org.secpod.oval:def:126132 Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads ...
oval:org.secpod.oval:def:3301828 Security update for salt
oval:org.secpod.oval:def:89049752 This update for salt fixes the following issues: Security issues fixed: * CVE-2023-20897: Fixed DOS in minion return. * CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. Bugs fixed: * Create minion_id with reproducible mtim ...
oval:org.secpod.oval:def:3301857 Security update for salt
oval:org.secpod.oval:def:3301449 Security update for salt
oval:org.secpod.oval:def:126446 Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads ...
oval:org.secpod.oval:def:126443 Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads ...
oval:org.secpod.oval:def:89051084 This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails * Use salt-call from salt bundle with transac ...
oval:org.secpod.oval:def:89051085 This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails * Use salt-call from salt bundle with transac ...
oval:org.secpod.oval:def:89051087 This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails * Use salt-call from salt bundle with transac ...
oval:org.secpod.oval:def:89051086 This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails * Use salt-call from salt bundle with transac ...
oval:org.secpod.oval:def:89051088 This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails * Use salt-call from salt bundle with transac ...
oval:org.secpod.oval:def:3302369 Security update for salt
oval:org.secpod.oval:def:3302404 Security update for salt
oval:org.secpod.oval:def:89051557 This update for salt and python-pyzmq fixes the following issues: salt: * Update to Salt release version 3006.0 * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new ...
oval:org.secpod.oval:def:89051470 This update for salt fixes the following issues: Security issues fixed: * CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master * CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method Bugs fixed: * Ensure that pillar refresh ...
oval:org.secpod.oval:def:89051462 This update for salt fixes the following issues: Security issues fixed: * CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master * CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method Bugs fixed: * Ensure that pillar refresh ...
oval:org.secpod.oval:def:89051469 This update for salt fixes the following issues: Security issues fixed: * CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master * CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method Bugs fixed: * Ensure that pillar refresh ...
oval:org.secpod.oval:def:89051465 This update for salt fixes the following issues: Security issues fixed: * CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master * CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method Bugs fixed: * Ensure that pillar refresh ...
oval:org.secpod.oval:def:89051463 This update for salt fixes the following issues: Security issues fixed: * CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master * CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method Bugs fixed: * Ensure that pillar refresh ...