ELA-537-1 salt security update

multiple vulnerabilities

2022-01-03
Packagesalt
Version2014.1.13+ds-3+deb8u2
Related CVEs CVE-2020-16846 CVE-2020-17490 CVE-2020-35662 CVE-2021-3197 CVE-2021-21996 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284

Multiple security vulnerabilities have been discovered in Salt, a powerful remote execution manager, that allow for local privilege escalation on a minion, server side template injection attacks, shell and command injections or incorrect validation of SSL certificates.

For Debian 8 jessie, these problems have been fixed in version 2014.1.13+ds-3+deb8u2.

We recommend that you upgrade your salt packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/