Ah oh, SaltStack's frightnin' (with apologies to Howlin' Wolf)
If your kit is affected, don't wait: unpatched vulnerabilities in Salt claimed two high profile victims over the weekend in the form of popular Google-free Android-based LineageOS and online publisher Ghost.
Patched last week, the vulnerabilities in the Salt configuration tool can allow an attacker to gain complete control over an exposed installation. Originally discovered by F-Secure, the issues were patched in Salt 3000.2 and also in the previous stable release, 2019.2.4. Older releases required something a little more manual.
Systems that were not set to automatically update from SaltStack's repo ..
Support the originator by clicking the read the rest link below.
