Package salt updated to version 2016.3.3-alt1 for branch p8 in task 169238.

Published: 2017-01-31
Modified: 2024-11-21

CVE-2016-3176

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

Severity: MEDIUM (5.6) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html
https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html
https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html
https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html

Published: 2017-02-07
Modified: 2024-11-21

CVE-2016-9639

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

[oss-security] 20161125 CVE Request: salt confidentiality issue
[oss-security] 20161125 CVE Request: salt confidentiality issue
[oss-security] 20161125 Re: CVE Request: salt confidentiality issue
[oss-security] 20161125 Re: CVE Request: salt confidentiality issue
94553
94553
https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key
https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key

Обновить версию

Version: 2.1.0

Package salt update in p8 on 2016-09-07

ALT-PU-2016-1941-1

Closed vulnerabilities

CVE-2016-3176

CVE-2016-9639

Closed bugs

Bug #32464