Salt: Multiple vulnerabilities — GLSA 202103-01

Multiple vulnerabilities have been found in Salt, the worst of which could allow a remote attacker to execute arbitrary commands.

Affected packages

app-admin/salt on all architectures
Affected versions < 3000.8
Unaffected versions >= 3000.8

Background

Salt is a fast, intelligent and scalable automation engine.

Description

Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly execute arbitrary commands via salt-api, cause a Denial of Service condition, bypass access restrictions or disclose sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Salt users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/salt-3000.8"
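
To confirm whether a host carries an affected version before or after the upgrade, the installed version can be compared against 3000.8. The script below is an added example, not part of the original advisory; it assumes the default Portage installed-package database at /var/db/pkg, and the function names and the VDB_ROOT variable are hypothetical.

```shell
#!/bin/sh
# Added example: flag installed app-admin/salt versions below the fixed version.
FIXED="3000.8"   # first unaffected version, taken from the advisory

# Return 0 (affected) when version $1 sorts strictly below $FIXED.
# Assumption: plain dotted versions with an optional Gentoo "-rN" revision;
# sort -V only approximates Portage ordering (suffixes such as _rc are not handled).
salt_is_affected() {
    ver=${1%-r[0-9]*}                      # drop the ebuild revision, if any
    [ "$ver" = "$FIXED" ] && return 1
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$ver" ]
}

# Print one line per Salt version installed under the Portage VDB root $1
# and return 1 if any of them is affected.
scan_salt_vdb() {
    status=0
    for dir in "$1"/app-admin/salt-[0-9]*; do
        [ -d "$dir" ] || continue          # glob did not match: Salt not installed
        v=${dir##*/salt-}
        if salt_is_affected "$v"; then
            echo "AFFECTED app-admin/salt-$v"
            status=1
        else
            echo "ok app-admin/salt-$v"
        fi
    done
    return "$status"
}

# Scan the default VDB location; prints nothing when Salt is not installed.
scan_salt_vdb "${VDB_ROOT:-/var/db/pkg}" \
    || echo "upgrade to >=app-admin/salt-$FIXED required"
```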
 

References

Release date
March 31, 2021

Latest revision
March 31, 2021: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries