FEDORA-EPEL-2025-56a6ede4ef — security update for salt3006

stable

salt3006-3006.12-1.el9

FEDORA-EPEL-2025-56a6ede4ef created by rcallicotte 6 months ago for Fedora EPEL 9

Resolves multiple CVEs. Update to 3006.12.

This update contains various bugfixes to the 3006 LTS.

This update has been submitted for testing by rcallicotte.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago

This update has obsoleted salt3006-3006.11-1.el9, and has inherited its bugs and notes.

6 months ago

This update has been pushed to testing.

6 months ago

This update has been submitted for stable by bodhi.

6 months ago

This update has been pushed to stable.

6 months ago

Please log in to add feedback.

Metadata

Type

security

Severity

urgent

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

6 months ago

in testing

6 months ago

in stable

6 months ago

approved

6 months ago

Builds

salt3006-3006.12-1.el9

BZ#2372729 CVE-2024-38824 salt3006: Directory traversal in saltstack [epel-9]

BZ#2372730 CVE-2025-22239 salt3006: Event injection in saltstack [epel-9]

BZ#2372737 CVE-2025-22241 salt3006: File overwrite in saltstack [epel-9]

BZ#2372739 CVE-2025-22242 salt3006: Denial of service in saltstack [epel-9]

BZ#2372742 CVE-2025-22240 salt3006: Path traversal in saltstack [epel-9]

BZ#2372743 CVE-2024-38823 salt3006: Replay attack in saltstack [epel-9]

BZ#2372749 CVE-2024-38825 salt3006: Authentication bypass in saltstack [epel-9]

BZ#2372754 CVE-2024-38822 salt3006: Token validation errors in saltstack [epel-9]

BZ#2372769 CVE-2025-22238 salt3006: Directory traversal in salt project [epel-9]

BZ#2372770 CVE-2025-22237 salt3006: Code injection in salt project [epel-9]

BZ#2372771 CVE-2025-22236 salt3006: Authorization bypass in salt project [epel-9]

salt3006-3006.12-1.el9

Automated Test Results

ignored