UbuntuUpdates.org

Package "salt-ssh"

Name: salt-ssh

Description:

remote manager to administer servers via Salt SSH

Latest version: 2017.7.4+dfsg1-1ubuntu18.04.2
Release: bionic (18.04)
Level: updates
Repository: universe
Head package: salt
Homepage: http://saltstack.org/

Links


Download "salt-ssh"


Other versions of "salt-ssh" in Bionic

Repository Area Version
base universe 2017.7.4+dfsg1-1
security universe 2017.7.4+dfsg1-1ubuntu18.04.2

Changelog

Version: 2017.7.4+dfsg1-1ubuntu18.04.2 2020-08-13 22:06:24 UTC

  salt (2017.7.4+dfsg1-1ubuntu18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerabilities in salt-api
    - debian/patches/CVE-2018-15750_15751.patch: Ensure that tokens are hex
      to avoid hanging/errors.
    - CVE-2018-15750
    - CVE-2018-15751
  * SECURITY UPDATE: Command injection vulnerabilities in salt-api and
    salt-master caused by improper sanitized input.
    - debian/patches/CVE-2019-17361.patch: various netapi fixes and tests.
    - debian/patches/CVE-2020-11651_11652_1.patch: Checks and sanitization.
    - debian/patches/CVE-2020-11651_11652_2.patch: Adding in missing fixes.
    - CVE-2019-17361
    - CVE-2020-11651
    - CVE-2020-11652

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 05 Aug 2020 19:59:01 +0000

Source diff to previous version
CVE-2018-15750 Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine whi
CVE-2018-15751 SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-a
CVE-2019-17361 In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticat
CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate
CVE-2020-11652 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some meth

Version: 2017.7.4+dfsg1-1ubuntu18.04.1 2019-05-13 11:06:46 UTC

  salt (2017.7.4+dfsg1-1ubuntu18.04.1) bionic; urgency=medium

  * Cherrypick two upstream patches to fix compat with OpenSSL 1.1.1,
    without these salt fails to start when OpenSSL is upgraded from 1.1.0
    to 1.1.1. LP: #1823332
  * Fix up install call in debian/rules to resolve FTBFS.

 -- Dimitri John Ledkov <email address hidden> Fri, 05 Apr 2019 15:41:52 +0100

1823332 salt --versions-report broken in bionic/cosmic with openssl 1.1.1



About   -   Send Feedback to @ubuntu_updates