Salt: Multiple Vulnerabilities — GLSA 202310-22

Multiple vulnerabilities have been discovered in Salt, the worst of which could result in local privilege escalation.

Affected packages

Background

Salt is a fast, intelligent and scalable automation engine.

Description

Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/salt-3004.2"
 

References

• CVE-2020-28243
• CVE-2020-28972
• CVE-2020-35662
• CVE-2021-3144
• CVE-2021-3148
• CVE-2021-3197
• CVE-2021-21996
• CVE-2021-25281
• CVE-2021-25282
• CVE-2021-25283
• CVE-2021-25284
• CVE-2021-31607
• CVE-2022-22934
• CVE-2022-22935
• CVE-2022-22936
• CVE-2022-22941
• CVE-2022-22967

Release date
October 31, 2023

Latest revision
October 31, 2023: 1

Severity
high

Exploitable
local and remote

Bugzilla entries

• 767919
• 812440
• 836365
• 855962