Описание
Security update for salt
This update for salt fixes one security issue and bugs.
The following security issue has been fixed:
- CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID (bsc#1053955).
Additionally, the following non-security issues have been fixed:
- Added support for SUSE Manager scalability features. (bsc#1052264)
- Introduced the kubernetes module. (bsc#1051948)
- Notify systemd synchronously via NOTIFY_SOCKET. (bsc#1053376)
Список пакетов
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS
salt-2016.11.4-43.7.1
salt-doc-2016.11.4-43.7.1
salt-minion-2016.11.4-43.7.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS
salt-2016.11.4-43.7.1
salt-doc-2016.11.4-43.7.1
salt-minion-2016.11.4-43.7.1
Ссылки
- Link for SUSE-SU-2017:2666-1
- E-Mail link for SUSE-SU-2017:2666-1
- SUSE Security Ratings
- SUSE Bug 1051948
- SUSE Bug 1052264
- SUSE Bug 1053376
- SUSE Bug 1053955
- SUSE CVE CVE-2017-12791 page
Описание
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2016.11.4-43.7.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2016.11.4-43.7.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2016.11.4-43.7.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2016.11.4-43.7.1
Ссылки
- CVE-2017-12791
- SUSE Bug 1053955
- SUSE Bug 1062462