Fedora alert FEDORA-2025-a5d73a0399 (salt)
From: updates--- via package-announce <package-announce@lists.fedoraproject.org>
To: package-announce@lists.fedoraproject.org
Subject: [SECURITY] Fedora 42 Update: salt-3007.4-4.fc42
Date: Sun, 29 Jun 2025 01:05:46 +0000
Message-ID: <20250629010546.A4442203A6B7@bastion01.iad2.fedoraproject.org>
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a5d73a0399
2025-06-29 01:03:14.526449+00:00
--------------------------------------------------------------------------------

Name        : salt
Product     : Fedora 42
Version     : 3007.4
Release     : 4.fc42
URL         : https://saltproject.io/
Summary     : A parallel remote execution system
Description :
Salt is a distributed remote execution system used to execute commands and
query data. It was developed in order to bring the best solutions found in the
world of remote execution together and make them better, faster and more
malleable. Salt accomplishes this via its ability to handle larger loads of
information, and not just dozens, but hundreds or even thousands of individual
servers, handle them quickly and through a simple and manageable interface.

--------------------------------------------------------------------------------
Update Information:

Resolves CVE-2024-38824 RHBZ#2372731
Resolves CVE-2024-38824 RHBZ#2372733
Resolves CVE-2025-22239 RHBZ#2372732
Resolves CVE-2025-22239 RHBZ#2372734
Resolves CVE-2025-22236 RHBZ#2372774
Resolves CVE-2025-22236 RHBZ#2372776
Resolves CVE-2025-22242 RHBZ#2372741
Resolves CVE-2025-22242 RHBZ#2372745
Resolves CVE-2025-22240 RHBZ#2372746
Resolves CVE-2025-22241 RHBZ#2372748
Resolves CVE-2025-22240 RHBZ#2372752
Resolves CVE-2025-22241 RHBZ#2372753
Resolves RHBZ#2366381
Resolves CVE-2024-38824 RHBZ#2372731
Resolves CVE-2024-38824 RHBZ#2372733
Resolves CVE-2025-22239 RHBZ#2372732
Resolves CVE-2025-22239 RHBZ#2372734
Resolves CVE-2025-22236 RHBZ#2372774
Resolves CVE-2025-22236 RHBZ#2372776
Resolves CVE-2025-22242 RHBZ#2372741
Resolves CVE-2025-22242 RHBZ#2372745
Resolves CVE-2025-22240 RHBZ#2372746
Resolves CVE-2025-22241 RHBZ#2372748
Resolves CVE-2025-22240 RHBZ#2372752
Resolves CVE-2025-22241 RHBZ#2372753

--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 19 2025 Robby Callicotte <rcallicotte@fedoraproject.org> - 3007.4-4
- Combined rpmvercmp and contextvars patches
* Thu Jun 19 2025 Robby Callicotte <rcallicotte@fedoraproject.org> - 3007.4-3
- Updated contextvars patch
* Thu Jun 19 2025 Robby Callicotte <rcallicotte@fedoraproject.org> - 3007.4-2
- Updated sources
* Thu Jun 19 2025 Robby Callicotte <rcallicotte@fedoraproject.org> - 3007.4-1
- Update to 3007.4 RHBZ#2366381
- Resolves CVE-2024-38824 RHBZ#2372731
- Resolves CVE-2024-38824 RHBZ#2372733
- Resolves CVE-2025-22239 RHBZ#2372732
- Resolves CVE-2025-22239 RHBZ#2372734
- Resolves CVE-2025-22236 RHBZ#2372774
- Resolves CVE-2025-22236 RHBZ#2372776
- Resolves CVE-2025-22242 RHBZ#2372741
- Resolves CVE-2025-22242 RHBZ#2372745
- Resolves CVE-2025-22240 RHBZ#2372746
- Resolves CVE-2025-22241 RHBZ#2372748
- Resolves CVE-2025-22240 RHBZ#2372752
- Resolves CVE-2025-22241 RHBZ#2372753
* Mon Jun  2 2025 Python Maint <python-maint@redhat.com> - 3007.2-3
- Rebuilt for Python 3.14
* Fri May 30 2025 Robby Callicotte <rcallicotte@fedoraproject.org> - 3007.2-2
- Updated to 3007.2
* Fri May 30 2025 Robby Callicotte <rcallicotte@fedoraproject.org> - 3007.2-1
- Updated to 3007.2
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 3007.1-3
- Drop call to %sysusers_create_compat

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2372747 - CVE-2024-38823 salt: Replay attack in saltstack [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2372747
  [ 2 ] Bug #2372751 - CVE-2024-38823 salt: Replay attack in saltstack [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2372751
  [ 3 ] Bug #2372755 - CVE-2024-38825 salt: Authentication bypass in saltstack [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2372755
  [ 4 ] Bug #2372756 - CVE-2024-38822 salt: Token validation errors in saltstack [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2372756
  [ 5 ] Bug #2372757 - CVE-2024-38825 salt: Authentication bypass in saltstack [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2372757
  [ 6 ] Bug #2372758 - CVE-2024-38822 salt: Token validation errors in saltstack [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2372758
  [ 7 ] Bug #2372772 - CVE-2025-22238 salt: Directory traversal in salt project [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2372772
  [ 8 ] Bug #2372773 - CVE-2025-22237 salt: Code injection in salt project [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2372773
  [ 9 ] Bug #2372775 - CVE-2025-22237 salt: Code injection in salt project [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2372775

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a5d73a0399' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
