Context Navigation

← Previous Ticket
Next Ticket →

#55059 closed update (fixed)

salt @2017.7.1: update to 2017.7.2

Reported by:	l2dy (Zero King)	Owned by:	aphor (Jeremy McMillan)
Priority:	Normal	Milestone:
Component:	ports	Version:
Keywords:	security	Cc:
Port:	salt

Description

https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html

CVE-2017-14695 Directory traversal vulnerability in minion id validation in SaltStack. Allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for discovering the security flaw goes to: Julian Brost (julian@…)

CVE-2017-14696 Remote Denial of Service with a specially crafted authentication request. Credit for discovering the security flaw goes to: Julian Brost (julian@…)

Change History (2)

comment:1 Changed 7 years ago by aphor (Jeremy McMillan)

Resolution:	→ fixed
Status:	new → closed

In 9e8e9f30a07be9a8ee372e51c327de37a672f615/macports-ports:

salt: update to 2017.7.2

security CVE-2017-14695
security CVE-2017-14696
Closes: #55059

comment:2 Changed 7 years ago by aphor (Jeremy McMillan)

In 9e8e9f30a07be9a8ee372e51c327de37a672f615/macports-ports:

salt: update to 2017.7.2

security CVE-2017-14695
security CVE-2017-14696
Closes: #55059

Note: See TracTickets for help on using tickets.

Download in other formats: