Tag: cve update

Aug 10, 2023

Salt security advisory release - 2023-AUG-10

The Salt Project released a security update to Salt to address 2 vulnerabilities with a severity rating of Medium. We strongly recommend prioritizing this update. This is a security advisory release.

Feb 25, 2021

UPDATE 2021-FEB-25 CVE Release Time Delay

Today the 2021-FEB-25 CVE Release is on-going and we are working through tasks. However, it is taking longer than expected. At this time we estimate a release time as 6 PM MST and 1 AM UTC. We apologize for the delay.

Feb 4, 2021

Salt Feb 4th CVE Release Delayed

Today’s scheduled CVE Release is delayed due to a bug found late in the release cycle. This CVE Release is now set for Thursday, February 25th, 2021 by noon MST and 7:00 PM UTC. We apologize for the inconvenience this delay causes.

May 6, 2020

Active Salt CVE Update - CVE-2020-11651 and CVE-2020-11652

We have created and made patches available for a number of Salt releases. Some patches are specific to certain Salt versions and, as noted, some will patch multiple versions. To ensure the patch is effective, verify installation of your version prior to installing any patches.

May 4, 2020

Active Salt CVE Update for CVE-2020-11651 and CVE-2020-11652

Last week a critical vulnerability was discovered affecting Salt Master versions 2019.2.3 and 3000.1 and earlier. SaltStack customers and Salt users who have followed fundamental internet security guidelines and best practices are not affected by this vulnerability. The vulnerability is easily exploitable if a Salt Master is exposed to the open internet.

Apr 21, 2020

Salt CVE Critical Updates - 2020-APR-21

We have decided to proceed with release packages for 2019.2.5 and 3000.3 that contain fixes to these new these critical CVEs (CVE-2020-11651 and CVE-2020-11652). The packages will be available Wednesday, May 13, or potentially sooner.