FEDORA-2021-5756fbf8a6 created by blarson 4 months ago for Fedora 33
stable

Update to CVE release 3002.5-1 for Python 3 Fixed on this release: CVE-2021-25283 Fixed in 3002.3: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-25284 CVE-2021-3197

How to install

sudo dnf upgrade --advisory=FEDORA-2021-5756fbf8a6

This update has been submitted for testing by blarson.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update has been pushed to testing.

4 months ago
User Icon frode provided feedback 3 months ago
karma

This update has been submitted for stable by bodhi.

3 months ago

blarson edited this update.

3 months ago

This update has been pushed to stable.

3 months ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
1
Stable by Time
7 days
Dates
submitted
4 months ago
in testing
4 months ago
in stable
3 months ago
modified
3 months ago
BZ#1933324 CVE-2021-3197 salt: Shell injection by including ProxyCommand in an argument [fedora-all]
0
0
BZ#1933326 CVE-2021-25281 salt: API does not honor eAuth credentials for the wheel_async client [fedora-all]
0
0
BZ#1933329 CVE-2021-25282 salt: Directory traversal in wheel.pillar_roots.write [fedora-all]
0
0
BZ#1933332 CVE-2021-25283 salt: Jinja renderer does not protect against server-side template injection attacks [fedora-all]
0
0
BZ#1933337 CVE-2021-3148 salt: Command injection in salt.utils.thin.gen_thin() [fedora-all]
0
0
BZ#1933340 CVE-2021-25284 salt: webutils write passwords in cleartext to /var/log/salt/minion [fedora-all]
0
0
BZ#1933343 CVE-2020-35662 salt: Certain modules do not always validated SSL certificates [fedora-all]
0
0
BZ#1933345 CVE-2021-3144 salt: eauth tokens can be used once after expiration [fedora-all]
0
0
BZ#1933348 CVE-2020-28972 salt: Authentication to vCenter, vSphere, and ESXi servers does not always validate the SSL/TLS certificate [fedora-all]
0
0
BZ#1933351 CVE-2020-28243 salt: Privilege escalation on a minion when an unprivileged user is able to create files in any non-blacklisted directory [fedora-all]
0
0

Automated Test Results