Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:2676-1

Опубликовано: 09 окт. 2017
Источник: suse-cvrf

Описание

Security update for Salt

This update for salt fixes one security issue and bugs:

The following security issue has been fixed:

  • CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID (bsc#1053955).

Additionally, the following non-security issues have been fixed:

  • Added support for SUSE Manager scalability features. (bsc#1052264)
  • Introduced the kubernetes module. (bsc#1051948)
  • Notify systemd synchronously via NOTIFY_SOCKET. (bsc#1053376)

Список пакетов

SUSE Enterprise Storage 3
salt-2016.11.4-46.7.1
salt-master-2016.11.4-46.7.1
salt-minion-2016.11.4-46.7.1
SUSE Enterprise Storage 4
salt-2016.11.4-46.7.1
salt-master-2016.11.4-46.7.1
salt-minion-2016.11.4-46.7.1
SUSE Linux Enterprise Module for Advanced Systems Management 12
salt-2016.11.4-46.7.1
salt-api-2016.11.4-46.7.1
salt-bash-completion-2016.11.4-46.7.1
salt-cloud-2016.11.4-46.7.1
salt-doc-2016.11.4-46.7.1
salt-master-2016.11.4-46.7.1
salt-minion-2016.11.4-46.7.1
salt-proxy-2016.11.4-46.7.1
salt-ssh-2016.11.4-46.7.1
salt-syndic-2016.11.4-46.7.1
salt-zsh-completion-2016.11.4-46.7.1
SUSE Linux Enterprise Point of Sale 12 SP2
salt-2016.11.4-46.7.1
salt-minion-2016.11.4-46.7.1
SUSE Manager Client Tools 12
salt-2016.11.4-46.7.1
salt-doc-2016.11.4-46.7.1
salt-minion-2016.11.4-46.7.1
SUSE Manager Proxy 3.0
salt-2016.11.4-46.7.1
salt-api-2016.11.4-46.7.1
salt-bash-completion-2016.11.4-46.7.1
salt-doc-2016.11.4-46.7.1
salt-master-2016.11.4-46.7.1
salt-minion-2016.11.4-46.7.1
salt-proxy-2016.11.4-46.7.1
salt-ssh-2016.11.4-46.7.1
salt-syndic-2016.11.4-46.7.1
salt-zsh-completion-2016.11.4-46.7.1
SUSE Manager Server 3.0
salt-2016.11.4-46.7.1
salt-api-2016.11.4-46.7.1
salt-bash-completion-2016.11.4-46.7.1
salt-doc-2016.11.4-46.7.1
salt-master-2016.11.4-46.7.1
salt-minion-2016.11.4-46.7.1
salt-proxy-2016.11.4-46.7.1
salt-ssh-2016.11.4-46.7.1
salt-syndic-2016.11.4-46.7.1
salt-zsh-completion-2016.11.4-46.7.1

Ссылки

Описание

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

Затронутые продукты
SUSE Enterprise Storage 3:salt-2016.11.4-46.7.1
SUSE Enterprise Storage 3:salt-master-2016.11.4-46.7.1
SUSE Enterprise Storage 3:salt-minion-2016.11.4-46.7.1
SUSE Enterprise Storage 4:salt-2016.11.4-46.7.1
Ссылки
Уязвимость SUSE-SU-2017:2676-1