ASA-202001-7 log generated external raw

[ASA-202001-7] salt: arbitrary command execution
Arch Linux Security Advisory ASA-202001-7 ========================================= Severity: Medium Date : 2020-01-29 CVE-ID : CVE-2019-17361 Package : salt Type : arbitrary command execution Remote : Yes Link : Summary ======= The package salt before version 2019.2.3-1 is vulnerable to arbitrary command execution. Resolution ========== Upgrade to 2019.2.3-1. # pacman -Syu "salt>=2019.2.3-1" The problem has been fixed upstream in version 2019.2.3. Workaround ========== None. Description =========== With the Salt NetAPI enabled in addition to having a SSH roster defined, unauthenticated access is possible when specifying the client as SSH. Additionally, when the raw_shell option is specified any arbitrary command may be run on the Salt master when specifying SSH options. Impact ====== A remote unauthenticated attacker is able to execute arbitrary code on the affected host. References ==========