stable

salt-3002.5-1.fc33

FEDORA-2021-5756fbf8a6 created by blarson 2 years ago for Fedora 33

Update to CVE release 3002.5-1 for Python 3 Fixed on this release: CVE-2021-25283 Fixed in 3002.3: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-25284 CVE-2021-3197

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2021-5756fbf8a6

This update has been submitted for testing by blarson.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon frode provided feedback 2 years ago
karma

This update has been submitted for stable by bodhi.

2 years ago

blarson edited this update.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
1
Signed
Content Type
RPM
Test Gating
Builds
1
salt-3002.5-1.fc33
Settings
Unstable by Karma
-2
Stable by Karma
1
Stable by Time
7 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1933324 CVE-2021-3197 salt: Shell injection by including ProxyCommand in an argument [fedora-all]
0
0
BZ#1933326 CVE-2021-25281 salt: API does not honor eAuth credentials for the wheel_async client [fedora-all]
0
0
BZ#1933329 CVE-2021-25282 salt: Directory traversal in wheel.pillar_roots.write [fedora-all]
0
0
BZ#1933332 CVE-2021-25283 salt: Jinja renderer does not protect against server-side template injection attacks [fedora-all]
0
0
BZ#1933337 CVE-2021-3148 salt: Command injection in salt.utils.thin.gen_thin() [fedora-all]
0
0
BZ#1933340 CVE-2021-25284 salt: webutils write passwords in cleartext to /var/log/salt/minion [fedora-all]
0
0
BZ#1933343 CVE-2020-35662 salt: Certain modules do not always validated SSL certificates [fedora-all]
0
0
BZ#1933345 CVE-2021-3144 salt: eauth tokens can be used once after expiration [fedora-all]
0
0
BZ#1933348 CVE-2020-28972 salt: Authentication to vCenter, vSphere, and ESXi servers does not always validate the SSL/TLS certificate [fedora-all]
0
0
BZ#1933351 CVE-2020-28243 salt: Privilege escalation on a minion when an unprivileged user is able to create files in any non-blacklisted directory [fedora-all]
0
0
salt-3002.5-1.fc33

Automated Test Results

Copyright © 2007-2023 Red Hat, Inc. and others.

Running bodhi-server 7.2.1 on bodhi-web-86-nxdz4.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy