mirror of
https://github.com/valitydev/salt.git
synced 2024-11-09 01:36:48 +00:00
35 lines
1.2 KiB
ReStructuredText
35 lines
1.2 KiB
ReStructuredText
============================
|
|
Salt 2015.5.10 Release Notes
|
|
============================
|
|
|
|
Security Fix
|
|
============
|
|
|
|
CVE-2016-3176: Insecure configuration of PAM external authentication service
|
|
|
|
This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM
|
|
:ref:`external authentication <acl-eauth>` is enabled. This issue involves
|
|
passing an alternative PAM authentication service with a command that is sent
|
|
to :ref:`LocalClient <local-client>`, enabling the attacker to bypass the
|
|
configured authentication service. Thank you to Dylan Frese <dmfrese@gmail.com>
|
|
for bringing this issue to our attention.
|
|
|
|
This update defines the PAM eAuth ``service`` that users authenticate against
|
|
in the Salt Master configuration.
|
|
|
|
(No additional fixes are contained in this release).
|
|
|
|
Read Before Upgrading Debian 8 (Jessie) from Salt Versions Earlier than 2015.5.9
|
|
================================================================================
|
|
|
|
Salt ``systemd`` service files are missing the following statement in these versions:
|
|
|
|
.. code-block:: ini
|
|
|
|
[Service]
|
|
KillMode=process
|
|
|
|
This statement must be added to successfully upgrade on these earlier versions
|
|
of Salt.
|
|
|