- Vulnerability/
- saltproject-2021-02-25-advisory-02
25/2/2021
20/2/2024
saltproject-2021-02-25-advisory-02: Active Salt CVE Release 2021-FEB-25
First published: Thu Feb 25 2021(Updated: )
The Salt Project has released a security update to address 10 vulnerabilities with severity rating Medium to High. We strongly recommend prioritizing this update. This is a security release. In the recent past, we have gone above and beyond our lifecycle policy in good faith to fix critical issues in versions no longer supported. Going forward, this will be the exception and not standard practice. We will follow our stated lifecycle policy found on the Salt Project Lifecycle Support page. The following CVEs were fixed as part of this release:
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SaltStack Salt | <3002.2<3001.4<3000.6<2019.2.8<2019.2.5<2018.3.5<2017.7.8<2016.11.10<2016.11.6<2016.11.5<2016.11.3<2016.3.8<2016.3.6<2016.3.4<2015.8.13<2015.8.10<3002.5<3001.6<3000.8<3002.5<3001.6<3000.8 | 3002.2 3001.4 3000.6 2019.2.8 2019.2.5 2018.3.5 2017.7.8 2016.11.10 2016.11.6 2016.11.5 2016.11.3 2016.3.8 2016.3.6 2016.3.4 2015.8.13 2015.8.10 3002.5 3001.6 3000.8 3002.5 3001.6 3000.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Child vulnerabilities
(Contains the following vulnerabilities)
- collector/saltproject-latest
- source/Salt Project
- agent/severity
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- collector/saltproject-advisory
- agent/software-canonical-lookup
- agent/references
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- vendor/saltstack
- canonical/saltstack salt