Package salt updated to version 2014.7-alt2.M70P.1 for branch t7 in task 138573.

Published: 2013-11-05
Modified: 2024-11-21

CVE-2013-4438

Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.

Severity: HIGH (7.5)

References:

http://docs.saltstack.com/topics/releases/0.17.1.html
http://docs.saltstack.com/topics/releases/0.17.1.html
[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation
[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation

Published: 2014-08-22
Modified: 2024-11-21

CVE-2014-3563

Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

Severity: HIGH (7.2)

References:

http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
[oss-security] 20140821 Revised: Salt 2014.1.10 released
[oss-security] 20140821 Revised: Salt 2014.1.10 released
69319
69319
salt-cve20143563-symlink(95392)
salt-cve20143563-symlink(95392)

Version: 2.1.0

Package salt update in t7 on 2015-01-15

ALT-PU-2015-1043-1

Closed vulnerabilities

CVE-2013-4438

CVE-2014-3563