CERT mailing list archives
SaltStack Patches Critical Vulnerabilities in Salt
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Fri, 01 May 2020 23:15:58 +0000
Cybersecurity and Infrastructure Security Agency Logo National Cyber Awareness System: SaltStack Patches Critical Vulnerabilities in Salt [ https://www.us-cert.gov/ncas/current-activity/2020/05/01/saltstack-patches-critical-vulnerabilities-salt ] 05/01/2020 06:03 PM EDT Original release date: May 1, 2020 SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2.Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review SaltStacks Release Notes for Salt 2019.2.4 [ https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html ] and Salt 3000.2 [ https://docs.saltstack.com/en/latest/topics/releases/3000.2.html ], see Tips on Hardening Salt [ https://docs.saltstack.com/en/latest/topics/hardening.html#general-hardening-tip ], and apply the necessary update as soon as possible. This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ https://www.dhs.gov/privacy-policy ] policy. body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: #333333; } ________________________________________________________________________ A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () ncas us-cert gov to your address book. OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- SaltStack Patches Critical Vulnerabilities in Salt US-CERT (May 01)