CERT mailing list archives

Previous By Date Next
Previous By Thread Next

SaltStack Patches Critical Vulnerabilities in Salt

From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Fri, 01 May 2020 23:15:58 +0000
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:



SaltStack Patches Critical Vulnerabilities in Salt [ 
https://www.us-cert.gov/ncas/current-activity/2020/05/01/saltstack-patches-critical-vulnerabilities-salt ] 05/01/2020 
06:03 PM EDT 
Original release date: May 1, 2020

SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 
and 3000.2.Salt is an open-source remote task and configuration management framework widely used in data centers and 
cloud servers. A remote attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review SaltStacks 
Release Notes for Salt 2019.2.4 [ https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html ] and Salt 3000.2 
[ https://docs.saltstack.com/en/latest/topics/releases/3000.2.html ], see Tips on Hardening Salt [ 
https://docs.saltstack.com/en/latest/topics/hardening.html#general-hardening-tip ], and apply the necessary update as 
soon as possible.

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Previous By Date Next
Previous By Thread Next

Current thread: