USN-6948-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-6948-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6948-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6948-1
Related
Published
2024-08-08T19:21:44.959446Z
Modified
2024-08-08T19:21:44.959446Z
Summary
salt vulnerabilities
Details

It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. (CVE-2020-16846)

It was discovered that Salt incorrectly created certificates with weak file permissions. (CVE-2020-17490)

It was discovered that Salt incorrectly handled credential validation. A remote attacker could possibly use this issue to bypass authentication. (CVE-2020-25592)

It was discovered that Salt incorrectly handled crafted process names. An attacker could possibly use this issue to run arbitrary commands. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28243)

It was discovered that Salt incorrectly handled validation of SSL/TLS certificates. A remote attacker could possibly use this issue to spoof a trusted entity. (CVE-2020-28972, CVE-2020-35662)

It was discovered that Salt incorrectly handled credential validation. A remote attacker could possibly use this issue to run arbitrary code. (CVE-2021-25281)

It was discovered that Salt incorrectly handled crafted paths. A remote attacker could possibly use this issue to perform directory traversal. (CVE-2021-25282)

It was discovered that Salt incorrectly handled template rendering. A remote attacker could possibly this issue to run arbitrary code. (CVE-2021-25283)

It was discovered that Salt incorrectly handled logging. An attacker could possibly use this issue to discover credentials. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-25284)

It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3148)

It was discovered that Salt incorrectly handled input sanitization. A remote attacker could possibly use this issue to run arbitrary commands. (CVE-2021-3197)

References

Affected packages

Ubuntu:Pro:16.04:LTS / salt

Package

Name
salt
Purl
pkg:deb/ubuntu/salt@2015.8.8+ds-1ubuntu0.1+esm2?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2015.8.8+ds-1ubuntu0.1+esm2

Affected versions

2015.*

2015.5.3+ds-1
2015.8.1+ds-2
2015.8.3+ds-1
2015.8.3+ds-2
2015.8.3+ds-3
2015.8.5+ds-1
2015.8.7+ds-1
2015.8.8+ds-1
2015.8.8+ds-1ubuntu0.1~esm1
2015.8.8+ds-1ubuntu0.1
2015.8.8+ds-1ubuntu0.1+esm1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "salt-cloud": "2015.8.8+ds-1ubuntu0.1+esm2",
            "salt-common": "2015.8.8+ds-1ubuntu0.1+esm2",
            "salt-syndic": "2015.8.8+ds-1ubuntu0.1+esm2",
            "salt-ssh": "2015.8.8+ds-1ubuntu0.1+esm2",
            "salt-master": "2015.8.8+ds-1ubuntu0.1+esm2",
            "salt-doc": "2015.8.8+ds-1ubuntu0.1+esm2",
            "salt-api": "2015.8.8+ds-1ubuntu0.1+esm2",
            "salt-minion": "2015.8.8+ds-1ubuntu0.1+esm2",
            "salt-proxy": "2015.8.8+ds-1ubuntu0.1+esm2"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / salt

Package

Name
salt
Purl
pkg:deb/ubuntu/salt@2017.7.4+dfsg1-1ubuntu18.04.2+esm1?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2017.7.4+dfsg1-1ubuntu18.04.2+esm1

Affected versions

2016.*

2016.11.5+ds-1
2016.11.8+dfsg1-1

2017.*

2017.7.2+dfsg1-2ubuntu1
2017.7.3+dfsg1-1
2017.7.4+dfsg1-1
2017.7.4+dfsg1-1ubuntu18.04.1
2017.7.4+dfsg1-1ubuntu18.04.2

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "salt-cloud": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1",
            "salt-common": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1",
            "salt-syndic": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1",
            "salt-ssh": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1",
            "salt-master": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1",
            "salt-doc": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1",
            "salt-api": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1",
            "salt-minion": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1",
            "salt-proxy": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1"
        }
    ]
}