USN-6948-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-6948-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6948-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-6948-1

Related

Published

2024-08-08T19:21:44.959446Z

Modified

2024-08-08T19:21:44.959446Z

Summary

salt vulnerabilities

Details

It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. (CVE-2020-16846)

It was discovered that Salt incorrectly created certificates with weak file permissions. (CVE-2020-17490)

It was discovered that Salt incorrectly handled credential validation. A remote attacker could possibly use this issue to bypass authentication. (CVE-2020-25592)

It was discovered that Salt incorrectly handled crafted process names. An attacker could possibly use this issue to run arbitrary commands. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28243)

It was discovered that Salt incorrectly handled validation of SSL/TLS certificates. A remote attacker could possibly use this issue to spoof a trusted entity. (CVE-2020-28972, CVE-2020-35662)

It was discovered that Salt incorrectly handled credential validation. A remote attacker could possibly use this issue to run arbitrary code. (CVE-2021-25281)

It was discovered that Salt incorrectly handled crafted paths. A remote attacker could possibly use this issue to perform directory traversal. (CVE-2021-25282)

It was discovered that Salt incorrectly handled template rendering. A remote attacker could possibly this issue to run arbitrary code. (CVE-2021-25283)

It was discovered that Salt incorrectly handled logging. An attacker could possibly use this issue to discover credentials. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-25284)

It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3148)

It was discovered that Salt incorrectly handled input sanitization. A remote attacker could possibly use this issue to run arbitrary commands. (CVE-2021-3197)

References

Affected packages

Ubuntu:Pro:16.04:LTS / salt

Package

Name: salt
Purl: pkg:deb/ubuntu/salt@2015.8.8+ds-1ubuntu0.1+esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2015.8.8+ds-1ubuntu0.1+esm2

Affected versions

2015.*

2015.5.3+ds-1

2015.8.1+ds-2

2015.8.3+ds-1

2015.8.3+ds-2

2015.8.3+ds-3

2015.8.5+ds-1

2015.8.7+ds-1

2015.8.8+ds-1

2015.8.8+ds-1ubuntu0.1~esm1

2015.8.8+ds-1ubuntu0.1

2015.8.8+ds-1ubuntu0.1+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "salt-api",
            "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "salt-cloud",
            "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "salt-common",
            "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "salt-doc",
            "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "salt-master",
            "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "salt-minion",
            "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "salt-proxy",
            "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "salt-ssh",
            "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "salt-syndic",
            "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / salt

Package

Name: salt
Purl: pkg:deb/ubuntu/salt@2017.7.4+dfsg1-1ubuntu18.04.2+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2017.7.4+dfsg1-1ubuntu18.04.2+esm1

Affected versions

2016.*

2016.11.5+ds-1

2016.11.8+dfsg1-1

2017.*

2017.7.2+dfsg1-2ubuntu1

2017.7.3+dfsg1-1

2017.7.4+dfsg1-1

2017.7.4+dfsg1-1ubuntu18.04.1

2017.7.4+dfsg1-1ubuntu18.04.2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "salt-api",
            "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
        },
        {
            "binary_name": "salt-cloud",
            "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
        },
        {
            "binary_name": "salt-common",
            "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
        },
        {
            "binary_name": "salt-doc",
            "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
        },
        {
            "binary_name": "salt-master",
            "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
        },
        {
            "binary_name": "salt-minion",
            "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
        },
        {
            "binary_name": "salt-proxy",
            "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
        },
        {
            "binary_name": "salt-ssh",
            "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
        },
        {
            "binary_name": "salt-syndic",
            "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
        }
    ]
}