Описание
Security update for salt
This update for salt fixes the following issues:
- CVE-2016-1866: Improper handling of clear messages on the minion remote code execution (boo#965403)
The following bugs were fixed:
- boo#958350: Salt crashes on invalid UTF-8 in package data
- boo#959572: 'salt '*' pkg.info_installed' causes exception on sles12sp1 client
- boo#963322: salt-api cannot be stopped correctly
Список пакетов
openSUSE Leap 42.1
salt-2015.8.7-13.1
salt-api-2015.8.7-13.1
salt-bash-completion-2015.8.7-13.1
salt-cloud-2015.8.7-13.1
salt-doc-2015.8.7-13.1
salt-fish-completion-2015.8.7-13.1
salt-master-2015.8.7-13.1
salt-minion-2015.8.7-13.1
salt-proxy-2015.8.7-13.1
salt-raet-2015.8.7-13.1
salt-ssh-2015.8.7-13.1
salt-syndic-2015.8.7-13.1
salt-zsh-completion-2015.8.7-13.1
Ссылки
- E-Mail link for openSUSE-SU-2016:0694-1
- SUSE Security Ratings
Описание
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.
Затронутые продукты
openSUSE Leap 42.1:salt-2015.8.7-13.1
openSUSE Leap 42.1:salt-api-2015.8.7-13.1
openSUSE Leap 42.1:salt-bash-completion-2015.8.7-13.1
openSUSE Leap 42.1:salt-cloud-2015.8.7-13.1
Ссылки
- CVE-2016-1866
- SUSE Bug 965403