Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 916512 (CVE-2023-20897, CVE-2023-20898, CVE-2023-34049) - <app-admin/salt-3005.4: multiple vulnerabilities
Summary: <app-admin/salt-3005.4: multiple vulnerabilities
Alias: CVE-2023-20897, CVE-2023-20898, CVE-2023-34049
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa?]
Depends on: 921974
  Show dependency tree
Reported: 2023-10-29 23:42 UTC by John Helmert III
Modified: 2024-04-05 12:17 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-10-29 23:42:03 UTC


- **Impact**: After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.


- **Impact:** Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.

Fixes in 3005.2, 3006.2.



Impact: If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.

Fix in 3005.4, 3006.4. Please bump.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-17 21:22:44 UTC
Please cleanup