Branch sisyphus update bulletin.

Package shim-signed updated to version 0.4-alt4 for branch sisyphus in task 181193.

убрать альтовую подпись с shim-signed

Package xfsprogs updated to version 4.10.0-alt1 for branch sisyphus in task 181197.

Published: 2015-08-25
Modified: 2024-11-21

CVE-2012-2150

xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.

Severity: MEDIUM (5.0)

References:

[FR] Обновить до актуальной версии

Package salt updated to version 2016.11.3-alt1 for branch sisyphus in task 178938.

Published: 2017-09-26
Modified: 2024-11-21

CVE-2017-5192

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-09-26
Modified: 2024-11-21

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-04-24
Modified: 2024-11-21

CVE-2017-7893

In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Branch sisyphus update on 2017-04-02

ALT-BU-2017-3028-1

ALT-PU-2017-1401-1

Closed bugs

Bug #33314

ALT-PU-2017-1402-1

Closed vulnerabilities

CVE-2012-2150

Closed bugs

Bug #33290

ALT-PU-2017-1403-1

Closed vulnerabilities

CVE-2017-5192

CVE-2017-5200

CVE-2017-7893