Bugzilla – Bug 1190265
VUL-0: CVE-2021-21996: salt: root exploit on minion when able to access a file source
Last modified: 2023-03-01 10:19:05 UTC
CVE-2021-21996 https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/ CVE-2021-21996 Impact: This requires a malicious user to have access to control a file source URL and its source_hash URL. Description: A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. Solution: Code has been modified to exclude the full path of a download URL. Instead, we only use the base filename plus file extension. This prevents injection of malicious code into the full path string. How to Mitigate: Update to the latest versions of salt minion code. Attribution: Jonathan Schlue jonathan.schlue@aboutsource.net Severity Rating: 4.2
This is now fixed in our Salt packages by: https://build.opensuse.org/request/show/919136 - 3002.2 https://build.opensuse.org/request/show/919137 - 3002.2 (to Factory) https://build.opensuse.org/request/show/919138 - 3000 https://build.opensuse.org/request/show/919139 - 2016.11.10 https://build.opensuse.org/request/show/919140 - 3000.3 (py27-compat-salt) https://build.opensuse.org/request/show/919141 - 2016.11.10 (py26-compat-salt) The above fixes will be soon promoted and included in the submissions for next MU on SUSE Manager 4.2 I think there is nothing else to do from our side at this moment. I'm resetting the assignee to Security team. Thanks!
This is an autogenerated message for OBS integration: This bug (1190265) was mentioned in https://build.opensuse.org/request/show/919452 Factory / salt
SUSE-SU-2021:3555-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1190265 CVE References: CVE-2021-21996 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): salt-3002.2-48.4 SUSE Linux Enterprise Server 15-SP1-LTSS (src): salt-3002.2-48.4 SUSE Linux Enterprise Server 15-SP1-BCL (src): salt-3002.2-48.4 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): salt-3002.2-48.4 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): salt-3002.2-48.4 SUSE Enterprise Storage 6 (src): salt-3002.2-48.4 SUSE CaaS Platform 4.0 (src): salt-3002.2-48.4 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3549-1: An update that solves one vulnerability, contains one feature and has three fixes is now available. Category: security (moderate) Bug References: 1181223,1188977,1190265,1190512 CVE References: CVE-2021-21996 JIRA References: ECO-3319 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14832-1: An update that solves one vulnerability, contains one feature and has three fixes is now available. Category: security (moderate) Bug References: 1181223,1188977,1190265,1190512 CVE References: CVE-2021-21996 JIRA References: ECO-3319 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3553-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1190265 CVE References: CVE-2021-21996 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): salt-3002.2-8.41.17.1 SUSE Linux Enterprise Server 15-LTSS (src): salt-3002.2-8.41.17.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): salt-3002.2-8.41.17.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): salt-3002.2-8.41.17.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3547-1: An update that solves one vulnerability, contains one feature and has three fixes is now available. Category: security (moderate) Bug References: 1181223,1188977,1190265,1190512 CVE References: CVE-2021-21996 JIRA References: ECO-3319 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3561-1: An update that solves two vulnerabilities, contains two features and has 31 fixes is now available. Category: security (moderate) Bug References: 1171520,1181223,1187572,1187998,1188315,1188977,1189260,1189422,1189609,1189799,1189818,1189933,1190040,1190123,1190151,1190164,1190166,1190265,1190275,1190276,1190300,1190396,1190405,1190455,1190512,1190602,1190751,1190820,1191123,1191139,1191348,1191551,1191898 CVE References: CVE-2021-21996,CVE-2021-40348 JIRA References: PM-2644,SUMA-61 Sources used: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (src): cobbler-3.1.2-5.11.1, hub-xmlrpc-api-0.7-3.3.3, inter-server-sync-0.0.5-8.6.3, patterns-suse-manager-4.2-4.3.1, py26-compat-salt-2016.11.10-11.28.9.1, py26-compat-tornado-4.2.1-3.3.1, py27-compat-salt-3000.3-7.7.11.1, spacecmd-4.2.13-4.9.1, spacewalk-admin-4.2.9-3.6.2, spacewalk-backend-4.2.17-4.9.3, spacewalk-certs-tools-4.2.13-3.9.2, spacewalk-client-tools-4.2.14-4.9.3, spacewalk-java-4.2.30-3.14.4, spacewalk-utils-4.2.14-3.9.3, spacewalk-web-4.2.23-3.9.3, subscription-matcher-0.27-6.3.1, supportutils-plugin-susemanager-4.2.3-3.3.2, susemanager-4.2.25-3.13.1, susemanager-doc-indexes-4.2-12.11.3, susemanager-docs_en-4.2-12.11.1, susemanager-schema-4.2.18-3.9.3, susemanager-sls-4.2.18-3.11.1, susemanager-sync-data-4.2.9-3.9.1, virtualization-formulas-0.6.1-8.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14831-1: An update that solves one vulnerability, contains one feature and has three fixes is now available. Category: security (moderate) Bug References: 1181223,1188977,1190265,1190512 CVE References: CVE-2021-21996 JIRA References: ECO-3319 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3550-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1190265 CVE References: CVE-2021-21996 JIRA References: Sources used: SUSE Manager Tools 12 (src): salt-3000-46.151.2 SUSE Linux Enterprise Module for Advanced Systems Management 12 (src): salt-3000-46.151.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2021:3551-1: An update that solves two vulnerabilities and has 30 fixes is now available. Category: recommended (low) Bug References: 1171520,1181223,1187572,1187998,1188315,1188977,1189260,1189422,1189609,1189799,1189818,1189933,1190040,1190123,1190151,1190164,1190166,1190265,1190275,1190276,1190300,1190396,1190405,1190455,1190512,1190602,1190751,1190820,1191123,1191139,1191348,1191551 CVE References: CVE-2021-21996,CVE-2021-40348 JIRA References: Sources used: SUSE Manager Server 4.2 (src): release-notes-susemanager-4.2.3-3.19.1 SUSE Manager Retail Branch Server 4.2 (src): release-notes-susemanager-proxy-4.2.3-3.15.1 SUSE Manager Proxy 4.2 (src): release-notes-susemanager-proxy-4.2.3-3.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14833-1: An update that solves one vulnerability and has three fixes is now available. Category: security (moderate) Bug References: 1181223,1188977,1190265,1190512 CVE References: CVE-2021-21996 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (src): salt-2016.11.10-43.84.1, spacecmd-4.2.13-18.93.1, spacewalk-client-tools-4.2.14-27.59.1 SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (src): salt-2016.11.10-43.84.1, spacecmd-4.2.13-18.93.1, spacewalk-client-tools-4.2.14-27.59.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3557-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1190265 CVE References: CVE-2021-21996 JIRA References: Sources used: SUSE MicroOS 5.1 (src): salt-3002.2-50.1.15.1 SUSE Linux Enterprise Module for Transactional Server 15-SP3 (src): salt-3002.2-50.1.15.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): salt-3002.2-50.1.15.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): salt-3002.2-50.1.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3556-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1190265 CVE References: CVE-2021-21996 JIRA References: Sources used: SUSE MicroOS 5.0 (src): salt-3002.2-49.2 SUSE Linux Enterprise Module for Transactional Server 15-SP2 (src): salt-3002.2-49.2 SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): salt-3002.2-49.2 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): salt-3002.2-49.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3557-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1190265 CVE References: CVE-2021-21996 JIRA References: Sources used: openSUSE Leap 15.3 (src): salt-3002.2-50.1.15.1
openSUSE-SU-2021:1443-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1190265 CVE References: CVE-2021-21996 JIRA References: Sources used: openSUSE Leap 15.2 (src): salt-3002.2-lp152.3.45.1
SUSE-SU-2021:3621-1: An update that solves one vulnerability and has 20 fixes is now available. Category: security (moderate) Bug References: 1185951,1187998,1188315,1189609,1189643,1189818,1190151,1190166,1190265,1190276,1190512,1190665,1190751,1191144,1191222,1191274,1191444,1191495,1191538,1191643,1191898 CVE References: CVE-2021-21996 JIRA References: Sources used: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src): grafana-formula-0.4.2-3.12.2, prometheus-formula-0.3.4-3.12.2, py26-compat-salt-2016.11.10-17.2, py26-compat-tornado-4.2.1-3.3.2, py27-compat-salt-3000.3-6.15.2, spacecmd-4.1.15-4.30.2, spacewalk-backend-4.1.29-4.44.2, spacewalk-certs-tools-4.1.19-3.22.2, spacewalk-java-4.1.41-3.58.2, spacewalk-reports-4.1.4-3.6.2, spacewalk-web-4.1.30-3.36.1, subscription-matcher-0.27-3.12.2, susemanager-4.1.31-3.39.2, susemanager-doc-indexes-4.1-11.46.2, susemanager-docs_en-4.1-11.46.2, susemanager-sls-4.1.31-3.51.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2021:3622-1: An update that has 21 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1185951,1187998,1188315,1189609,1189643,1189818,1190151,1190166,1190265,1190276,1190512,1190665,1190751,1191144,1191222,1191274,1191444,1191495,1191538,1191643,1191898 CVE References: JIRA References: Sources used: SUSE Manager Server 4.1 (src): release-notes-susemanager-4.1.12-3.64.1 SUSE Manager Retail Branch Server 4.1 (src): release-notes-susemanager-proxy-4.1.12-3.47.1 SUSE Manager Proxy 4.1 (src): release-notes-susemanager-proxy-4.1.12-3.47.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3901-1: An update that solves one vulnerability, contains four features and has 26 fixes is now available. Category: security (moderate) Bug References: 1164192,1167586,1168327,1173103,1173692,1180650,1181223,1184659,1185131,1186287,1186310,1186581,1186674,1186738,1187787,1187813,1188042,1188170,1188259,1188647,1188977,1189040,1190265,1190446,1190512,1191412,1191431 CVE References: CVE-2021-21996 JIRA References: ECO-3212,ECO-3319,SLE-18028,SLE-18033 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3906-1: An update that solves one vulnerability and has 19 fixes is now available. Category: security (moderate) Bug References: 1164192,1167586,1168327,1180650,1184659,1185131,1186287,1186310,1186674,1187787,1187813,1188170,1188641,1188647,1189040,1189043,1190114,1190265,1190446,1191412 CVE References: CVE-2021-21996 JIRA References: Sources used: SUSE Manager Tools 12-BETA (src): python-Jinja2-2.8-22.5.1, python-MarkupSafe-0.23-6.5.1, python-PyYAML-5.1.2-29.5.1, python-msgpack-python-0.4.6-11.5.1, python-psutil-5.2.2-18.5.1, python-pycrypto-2.6.1-13.5.1, python-pyzmq-14.0.0-12.5.1, python-singledispatch-3.4.0.3-4.8.1, salt-3000-49.38.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3903-1: An update that solves one vulnerability, contains four features and has 26 fixes is now available. Category: security (moderate) Bug References: 1164192,1167586,1168327,1173103,1173692,1180650,1181223,1184659,1185131,1186287,1186310,1186581,1186674,1186738,1187787,1187813,1188042,1188170,1188259,1188647,1188977,1189040,1190265,1190446,1190512,1191412,1191431 CVE References: CVE-2021-21996 JIRA References: ECO-3212,ECO-3319,SLE-18028,SLE-18033 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3902-1: An update that solves one vulnerability, contains four features and has 26 fixes is now available. Category: security (moderate) Bug References: 1164192,1167586,1168327,1173103,1173692,1180650,1181223,1184659,1185131,1186287,1186310,1186581,1186674,1186738,1187787,1187813,1188042,1188170,1188259,1188647,1188977,1189040,1190265,1190446,1190512,1191412,1191431 CVE References: CVE-2021-21996 JIRA References: ECO-3212,ECO-3319,SLE-18028,SLE-18033 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3908-1: An update that solves 6 vulnerabilities, contains four features and has 27 fixes is now available. Category: security (moderate) Bug References: 1164192,1167586,1168327,1170823,1173103,1173692,1175478,1180650,1181223,1184659,1185131,1186242,1186287,1186310,1186508,1186581,1186650,1186674,1186738,1187787,1187813,1188042,1188170,1188259,1188647,1188846,1188977,1189040,1190265,1190446,1190512,1191412,1191448 CVE References: CVE-2021-21996,CVE-2021-27962,CVE-2021-28146,CVE-2021-28147,CVE-2021-28148,CVE-2021-29622 JIRA References: ECO-3212,SLE-18028,SLE-18033,SLE-18254 Sources used: SUSE Manager Tools 15-BETA (src): dracut-saltboot-0.1.1628156312.dbd0dec-3.27.1, golang-github-prometheus-prometheus-2.27.1-6.21.2, grafana-7.5.7-4.15.3, hwdata-0.334-6.5.1, koan-3.0.1-7.12.1, mgr-cfg-4.3.2-4.15.1, mgr-custom-info-4.3.2-4.9.1, mgr-daemon-4.3.2-4.15.2, mgr-osad-4.3.2-4.18.2, mgr-push-4.3.1-4.9.3, mgr-virtualization-4.3.1-4.9.3, prometheus-blackbox_exporter-0.19.0-3.3.2, python-contextvars-2.4-3.3.1, python-hwdata-2.3.5-5.7.1, python-immutables-0.11-3.3.1, python-jabberpy-0.5-5.5.1, rhnlib-4.3.1-6.18.2, salt-3003.3-8.44.1, spacecmd-4.3.4-6.27.1, spacewalk-client-tools-4.3.4-6.33.3, spacewalk-koan-4.3.1-6.9.2, spacewalk-oscap-4.3.1-6.9.2, spacewalk-remote-utils-4.3.1-6.9.2, supportutils-plugin-susemanager-client-4.3.1-6.12.2, suseRegisterInfo-4.3.1-6.15.2, system-user-grafana-1.0.0-3.5.1, system-user-prometheus-1.0.0-3.5.1, uyuni-common-libs-4.3.1-3.21.2, zypp-plugin-spacewalk-1.0.10-6.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3904-1: An update that solves one vulnerability, contains one feature and has 26 fixes is now available. Category: security (moderate) Bug References: 1164192,1167586,1168327,1173692,1180650,1181223,1184659,1185131,1186287,1186310,1186581,1186674,1187787,1187813,1188042,1188170,1188641,1188647,1188977,1189040,1189043,1190114,1190265,1190446,1190512,1191412,1191431 CVE References: CVE-2021-21996 JIRA References: ECO-3319 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done