Download
| Alert*
|
oval:org.secpod.oval:def:89044559
This update for salt provides version 2016.11.4 and brings various fixes and improvements: - Adding a salt-minion watchdog for RHEL6 and SLES11 systems to restart salt-minion in case of crashes during upgrade. - Fix format error. - Fix ownership for whole master cache directory. - Disable 3rd par ... oval:org.secpod.oval:def:1800438 CVE-2017-5192: local_batch client external authentication not respected The `LocalClient.cmd_batch` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already- authenticated users and is o ... oval:org.secpod.oval:def:1900722 Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-common-master via Salt"s ssh_client. Users of Salt-API and salt-common-ssh could execute a command on the salt-common master via a hole when both systems ... |
