Download
| Alert*
oval:org.secpod.oval:def:67394
The host is installed with SaltStack Salt before 2019.2.6, 3000.x before 3000.4, 3001.x before 3001.2 or 3002.0 and is prone to a shell injection vulnerability. A flaw exists exists within the application, which fails to properly handle an issue in the SSH client. Successful exploitation allows an u ... oval:org.secpod.oval:def:67423 The host is installed with SaltStack Salt before 2019.2.6, 3000.x before 3000.4, 3001.x before 3001.2 or 3002.0 and is prone to a shell injection vulnerability. A flaw exists exists within the application, which fails to properly handle an issue in the SSH client. Successful exploitation allows an u ... oval:org.secpod.oval:def:89050263 This update for salt fixes the following issues: - Avoid regression on "salt-master": set passphrase for salt-ssh keys to empty string - Properly validate eauth credentials and tokens on SSH calls made by Salt API - Fix disk.blkid to avoid unexpected keyword argument "__pub_user". - Ensure virt.u ... oval:org.secpod.oval:def:69856 Several vulnerabilities were discovered in salt-common, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of salt-common SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the salt-common AP ... oval:org.secpod.oval:def:89050461 This update for salt fixes the following issues: - Properly validate eauth credentials and tokens on SSH calls made by Salt API - Fix disk.blkid to avoid unexpected keyword argument "__pub_user". - Ensure virt.update stop_on_reboot is updated with its default value. - Do not break package building ... oval:org.secpod.oval:def:89043927 This update fixes the following issues: salt: - Avoid regression on salt-master : set passphrase for salt-ssh keys to empty string - Properly validate eauth credentials and tokens on SSH calls made by Salt API - Fix disk.blkid to avoid unexpected keyword argument "__pub_user" - Ensure virt.updat ... oval:org.secpod.oval:def:119028 Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads ... oval:org.secpod.oval:def:89043869 This update fixes the following issues: cobbler: - Fix parsing cobbler dictionary options with values containing = , e.g. kernel params containing = golang-github-wrouesnel-postgres_exporter: - Enable package building for ppc64le mgr-cfg: - Update package version to 4.2.0 mgr-custom-info: - Upda ... oval:org.secpod.oval:def:119015 Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads ... oval:org.secpod.oval:def:89043833 This update fixes the following issues: cobbler: - Fix parsing cobbler dictionary options with values containing = , e.g. kernel params containing = mgr-daemon: - Update translation strings salt: - Properly validate eauth credentials and tokens on SSH calls made by Salt API spacecmd: - Python3 ... oval:org.secpod.oval:def:119021 Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads ... oval:org.secpod.oval:def:605410 Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the Salt API using the SSH clien ... |