https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11652
In the current Security Onion 16.04 platform, we use the standard SaltStack packages from the standard Ubuntu repositories. Ubuntu is currently tracking these as follows:
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11651.html
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11652.html
We would expect that as soon as Ubuntu updates its packages, then a standard "soup" update would completely remove the vulnerabilities.
UPDATE 2020/08/14 - Ubuntu has released updated packages:
In the meantime, please keep in mind that Security Onion locks down the host-based firewall to only allow connections to the salt ports from known good salt minions. If you feel the need for additional compensating controls, you may wish to add firewall restrictions to your network firewalls as well.
No comments:
Post a Comment