Ubuntu
salt package

CVE-2020-11651 and CVE-2020-11652

Bug #1876717 reported by Denis Gubanov on 2020-05-04

274

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	salt (Debian)	Fix Released	Unknown	debbugs #959684
	salt (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

https://github.com/saltstack/salt/issues/57057
Еhe vulnerabilities are being exploited in wild already
Сompromised salt masters allow attackers to run arbitrary commands on the minions as root.
Unfortunately few of my server already suffered.

CVE References

Leonidas S. Barbosa (leosilvab) on 2020-05-04

information type:

Private Security → Public Security

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-05-04:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in salt (Ubuntu):
status:	New → Confirmed

Bug Watch Updater (bug-watch-updater) on 2020-05-04

Changed in salt (Debian):
status:	Unknown → Confirmed

Bug Watch Updater (bug-watch-updater) on 2020-05-07

Changed in salt (Debian):
status:	Confirmed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #959684
[done grave security fixed-upstream upstream] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntusalt package