2015.5.10 release docs

This commit is contained in:
Jacob Hammons 2016-03-23 14:04:29 -06:00
parent 0e66f678d4
commit 544a1661ce
3 changed files with 28 additions and 6 deletions

View File

@ -155,8 +155,8 @@ project = 'Salt'
copyright = '2016 SaltStack, Inc.'
version = salt.version.__version__
latest_release = '2015.8.7' # latest release
previous_release = '2015.5.9' # latest release from previous branch
latest_release = '2015.8.8' # latest release
previous_release = '2015.5.10' # latest release from previous branch
previous_release_dir = '2015.5' # path on web server for previous branch
build_type = 'previous' # latest, previous, develop, inactive

View File

@ -1,5 +1,21 @@
==========================================
Salt 2015.5.10 Release Notes (In Progress)
==========================================
============================
Salt 2015.5.10 Release Notes
============================
Security Fix
============
CVE-2016-3176: Insecure configuration of PAM external authentication service
This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM
:ref:`external authentication <acl-eauth>` is enabled. This issue involves
passing an alternative PAM authentication service with a command that is sent
to :ref:`LocalClient <local-client>`, enabling the attacker to bypass the
configured authentication service. Thank you to Dylan Frese <dmfrese@gmail.com>
for bringing this issue to our attention.
This update defines the PAM eAuth ``service`` that users authenticate against
in the Salt Master configuration.
(No additional fixes are contained in this release).
In progress, not yet released.

View File

@ -0,0 +1,6 @@
==========================================
Salt 2015.5.11 Release Notes (In Progress)
==========================================
In progress, not yet released.