ALT Linux Team

Branch sisyphus update on 2017-04-02

2017-04-02

ALT-BU-2017-3028-1

Branch sisyphus update bulletin.

ALT-PU-2017-1401-1

Package shim-signed updated to version 0.4-alt4 for branch sisyphus in task 181193.

Closed bugs

Bug #33314

убрать альтовую подпись с shim-signed

ALT-PU-2017-1402-1

Package xfsprogs updated to version 4.10.0-alt1 for branch sisyphus in task 181197.

Closed vulnerabilities

Published: 2015-08-25
Modified: 2025-04-12

CVE-2012-2150

xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:

Closed bugs

Bug #33290

[FR] Обновить до актуальной версии

ALT-PU-2017-1403-1

Package salt updated to version 2016.11.3-alt1 for branch sisyphus in task 178938.

Closed vulnerabilities

Published: 2017-09-26
Modified: 2025-04-20

CVE-2017-5192

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2017-09-26
Modified: 2025-04-20

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

Severity: CRITICAL (9.0) Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-04-23
Modified: 2024-11-21

CVE-2017-7893

In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top