update 0.17.1 release notes

doc/topics/releases/0.17.1.rst

@@ -2,6 +2,207 @@
 Salt 0.17.1 Release Notes
 =========================
 
+The 0.17.1 release comes with a number of improvements to salt-ssh, many
+bugfixes, and a number of security updates.
+
+Salt SSH has been improved to be faster, more feature full and more secure.
+Since the original release of Salt SSH was primarily a proof of concept, it has
+been very exciting to see its rapid adoption. We appreciate the willingness of
+security experts to review Salt SSH and help discover oversights and ensure
+that security issues only exist for such a tiny window of time.
+
+
+SSH Enhancements
+================
+
+Shell Improvements
+------------------
+
+Improvements to Salt SSH's communication have been added that improve routine
+execution regardless of the target system's login shell.
+
+Performance
+-----------
+
+Deployment of routines is now faster and takes fewer commands to execute.
+
+Security Updates
+================
+
+Be advised that these security issues all apply to a small subset of Salt
+users and mostly apply to Salt SSH.
+
+Insufficent Argument Validation
+-------------------------------
+
+This issue allowed for a user with limited privileges to embed executions
+inside of routines to execute routines that should be restricted. This applies
+to users using external auth or client acl and opening up specific routines.
+
+Be advised that these patches address the direct issue, additional commits have
+been applied to help mitigate this issue from resurfacing.
+
+CVE
+~~~
+
+CVE-2013-4435
+
+Affected Versions
+-----------------
+
+0.15.0 - 0.17.0
+
+Patches
+~~~~~~~
+https://github.com/saltstack/salt/commit/6d8ef68b605fd63c36bb8ed96122a75ad2e80269
+https://github.com/saltstack/salt/commit/ebdef37b7e5d2b95a01d34b211c61c61da67e46a
+https://github.com/saltstack/salt/commit/7f190ff890e47cdd591d9d7cefa5126574660824
+https://github.com/saltstack/salt/commit/8e5afe59cef6743fe5dbd510dcf463dbdfca1ced
+https://github.com/saltstack/salt/commit/aca78f314481082862e96d4f0c1b75fa382bb885
+https://github.com/saltstack/salt/commit/6a9752cdb1e8df2c9505ea910434c79d132eb1e2
+https://github.com/saltstack/salt/commit/b73677435ba54ecfc93c1c2d840a7f9ba6f53410
+https://github.com/saltstack/salt/commit/07972eb0a6f985749a55d8d4a2e471596591c80d
+https://github.com/saltstack/salt/commit/1e3f197726aa13ac5c3f2416000089f477f489b5
+
+Found By
+~~~~~~~~
+
+Feth Arezki, of Majerti
+
+MITM ssh attack in salt-ssh
+---------------------------
+
+Ssh host keys were being accepted by default and not enforced on future ssh
+connections. These patches set ssh host key checking by default and can be
+overridden by passing the -i flag to `salt-ssh`.
+
+CVE
+~~~
+
+CVE-2013-4436
+
+Affected Versions
+~~~~~~~~~~~~~~~~~
+
+0.17.0
+
+Found By
+~~~~~~~~
+
+Michael Scherer, Red Hat
+
+Insecure Usage of /tmp in salt-ssh
+----------------------------------
+
+The initial release of salt-ssh used the /tmp directory in an insecure way.
+These patches not only secure usage of files under /tmp in salt-ssh, but
+also add checksum validation for all packages sent into the now secure
+locations on target systems.
+
+CVE
+~~~
+
+CVE-2013-4438
+
+Affected Versions
+~~~~~~~~~~~~~~~~~
+
+0.17.0
+
+Patches
+~~~~~~~
+https://github.com/saltstack/salt/commit/aa4bb77ef230758cad84381dde0ec660d2dc340a
+https://github.com/saltstack/salt/commit/8f92b6b2cb2e4ec3af8783eb6bf4ff06f5a352cf
+https://github.com/saltstack/salt/commit/c58e56811d5a50c908df0597a0ba0b643b45ebfd
+https://github.com/saltstack/salt/commit/0359db9b46e47614cff35a66ea6a6a76846885d2
+https://github.com/saltstack/salt/commit/4348392860e0fd43701c331ac3e681cf1a8c17b0
+https://github.com/saltstack/salt/commit/664d1a1cac05602fad2693f6f97092d98a72bf61
+https://github.com/saltstack/salt/commit/bab92775a576e28ff9db262f32db9cf2375bba87
+https://github.com/saltstack/salt/commit/c6d34f1acf64900a3c87a2d37618ff414e5a704e
+
+Found By
+~~~~~~~~
+
+Michael Scherer, Red Hat
+
+YAML Calling Unsafe Loading Routine
+-----------------------------------
+
+It has been argued that this is not a valid security issue, as the YAML loading
+that was happening was only being called after an initial gateway filter in
+Salt has already safely loaded the YAML and would fail if non-safe routines
+were embedded. Nonetheless, the CVE was filed and patches applied.
+
+CVE
+~~~
+
+CVE-2013-4438
+
+Patches
+-------
+https://github.com/saltstack/salt/commit/339b0a51befae6b6b218ebcb55daa9cd3329a1c5
+
+Found By
+~~~~~~~~
+
+Michael Scherer, Red Hat
+
+Failure to Drop Supplementary Group on Salt Master
+--------------------------------------------------
+
+If a salt master was started as a non-root user by the root user, root's
+groups would still be applied to the running process. This fix changes the
+process to have only the groups of the running user.
+
+CVE
+~~~
+
+CVE not considered necessary by submitter.
+
+Affected Versions
+~~~~~~~~~~~~~~~~~
+
+0.11.0 - 0.17.0
+
+Patches
+~~~~~~~
+https://github.com/saltstack/salt/commit/b89fa9135822d029795ab1eecd68cce2d1ced715
+
+Found By
+~~~~~~~~
+
+Michael Scherer, Red Hat
+
+Failure to Validate Minions Posting Data
+----------------------------------------
+
+This issue allowed a minion to pose as another authorized minion when posting
+data such as the mine data. All minions now pass through the id challenge
+before posting such data.
+
+CVE
+~~~
+
+CVE-2013-4439
+
+Affected Versions
+~~~~~~~~~~~~~~~~~
+
+0.15.0 - 0.17.0
+
+Patches
+-------
+https://github.com/saltstack/salt/commit/7b850ff3d07ef6782888914ac4556c01e8a1c482
+https://github.com/saltstack/salt/commit/151759b2a1e1c6ce29277aa81b054219147f80fd
+
+Found By
+~~~~~~~~
+
+David Anderson
+
+Fix Reference
+=============
+
 Version 0.17.1 is the first bugfix release for :doc:`0.17.0
 </topics/releases/0.17.0>`.  The changes include: