Bugzilla – Bug 1181561
VUL-0: CVE-2021-25283: salt: jinja render does not protect against server-side template injection attacks
Last modified: 2023-03-01 10:17:33 UTC
CRD: 2021-02-04
The public release was postponed. https://saltproject.io/security_announcements/salt-feb-4th-cve-release-delayed/ New release date: CRD: 2021-02-25 19:00 UTC
SUSE-RU-2021:0632-1: An update that solves 10 vulnerabilities and has one errata is now available. Category: recommended (moderate) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: SUSE Manager Server 4.0 (src): release-notes-susemanager-4.0.12.1-3.68.1 SUSE Manager Retail Branch Server 4.0 (src): release-notes-susemanager-proxy-4.0.12.1-0.16.52.1 SUSE Manager Proxy 4.0 (src): release-notes-susemanager-proxy-4.0.12.1-0.16.52.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0624-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src): py26-compat-salt-2016.11.10-6.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14650-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (src): salt-2016.11.10-43.69.1 SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (src): salt-2016.11.10-43.69.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0626-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (src): py26-compat-salt-2016.11.10-10.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2021:0633-1: An update that solves 10 vulnerabilities and has one errata is now available. Category: recommended (moderate) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: SUSE Manager Server 4.1 (src): release-notes-susemanager-4.1.5.1-3.38.1 SUSE Manager Retail Branch Server 4.1 (src): release-notes-susemanager-proxy-4.1.5.1-3.26.1 SUSE Manager Proxy 4.1 (src): release-notes-susemanager-proxy-4.1.5.1-3.26.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0619-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0628-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): salt-3000-5.106.1 SUSE Linux Enterprise Server 15-LTSS (src): salt-3000-5.106.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): salt-3000-5.106.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): salt-3000-5.106.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0625-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0630-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): salt-3000-24.1 SUSE Linux Enterprise Module for Python2 15-SP2 (src): salt-3000-24.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): salt-3000-24.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14647-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14649-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0631-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: SUSE Manager Server 4.0 (src): salt-3000-24.1 SUSE Manager Retail Branch Server 4.0 (src): salt-3000-24.1 SUSE Manager Proxy 4.0 (src): salt-3000-24.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): salt-3000-24.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): salt-3000-24.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): salt-3000-24.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): salt-3000-24.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): salt-3000-24.1 SUSE Enterprise Storage 6 (src): salt-3000-24.1 SUSE CaaS Platform 4.0 (src): salt-3000-24.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14646-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0627-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: SUSE Manager Tools 12 (src): salt-3000-46.129.1 SUSE Linux Enterprise Point of Sale 12-SP2 (src): salt-3000-46.129.1 SUSE Linux Enterprise Module for Advanced Systems Management 12 (src): salt-3000-46.129.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0347-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (critical) Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: openSUSE Leap 15.2 (src): salt-3000-lp152.3.27.1
SUSE-SU-2021:0913-1: An update that solves 11 vulnerabilities and has 8 fixes is now available. Category: security (moderate) Bug References: 1099976,1172110,1174855,1177474,1179696,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182382,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-25315,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14679-1: An update that solves 11 vulnerabilities and has 7 fixes is now available. Category: security (moderate) Bug References: 1099976,1172110,1174855,1179696,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182382,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-25315,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0914-1: An update that solves 11 vulnerabilities and has 8 fixes is now available. Category: security (moderate) Bug References: 1099976,1172110,1174855,1177474,1179696,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182382,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-25315,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: SUSE Manager Tools 15-BETA (src): salt-3002.2-8.33.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14677-1: An update that solves 10 vulnerabilities and has 10 fixes is now available. Category: security (moderate) Bug References: 1099976,1172110,1174855,1179696,1180101,1180818,1181290,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14682-1: An update that solves 10 vulnerabilities and has 6 fixes is now available. Category: security (moderate) Bug References: 1181290,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1181807,1182339,1182603,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA (src): mgr-osad-4.2.3-8.12.1, rhnlib-4.2.2-15.12.1, salt-2016.11.10-46.15.1, spacewalk-client-tools-4.2.7-30.24.1 SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA (src): mgr-osad-4.2.3-8.12.1, rhnlib-4.2.2-15.12.1, salt-2016.11.10-46.15.1, spacewalk-client-tools-4.2.7-30.24.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0910-1: An update that solves 10 vulnerabilities and has 10 fixes is now available. Category: security (moderate) Bug References: 1099976,1172110,1174855,1179696,1180101,1180818,1181290,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14678-1: An update that solves 11 vulnerabilities and has 8 fixes is now available. Category: security (moderate) Bug References: 1099976,1172110,1174855,1177474,1179696,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182382,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-25315,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0915-1: An update that solves 10 vulnerabilities and has 10 fixes is now available. Category: security (moderate) Bug References: 1099976,1172110,1174855,1179696,1180101,1180818,1181290,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197 JIRA References: Sources used: SUSE Manager Tools 12-BETA (src): salt-3000-49.29.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
I think we're done here. The patch we submitted to fix this issue is the one attached at https://bugzilla.suse.com/show_bug.cgi?id=1181550. I'm setting back the assignee to the Security team. Thanks!
SUSE-SU-2021:14733-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available. Category: security (moderate) Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197 JIRA References: ECO-3212 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14734-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available. Category: security (moderate) Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197 JIRA References: ECO-3212 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1690-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available. Category: security (moderate) Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197 JIRA References: ECO-3212 Sources used: SUSE Manager Tools 15-BETA (src): salt-3002.2-8.41.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1694-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available. Category: security (moderate) Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197 JIRA References: ECO-3212 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
released