Salt 2015.8.13 Release Notes

Version 2015.8.13 is a bugfix release for 2015.8.0.

Security Fixes

CVE-2017-5192 local_batch client external authentication not respected

The LocalClient.cmd_batch() method client does not accept external_auth credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already-authenticated users and is only in effect when running salt-api as the root user.

CVE-2017-5200 Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client

Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled.

We recommend everyone on the 2015.8 branch upgrade to a patched release as soon as possible.

Generated on October 23, 2024 at 09:02:06 UTC.

You are viewing docs for the latest stable release, 3007.1. Switch to docs for the previous stable release, 3006.9, or to a recent doc build from the master branch.


saltproject.io

© 2024 VMware, Inc. | Privacy Policy