mirror of
https://github.com/valitydev/salt.git
synced 2024-11-07 08:58:59 +00:00
22 lines
784 B
ReStructuredText
22 lines
784 B
ReStructuredText
============================
|
|
Salt 2015.5.10 Release Notes
|
|
============================
|
|
|
|
Security Fix
|
|
============
|
|
|
|
CVE-2016-3176: Insecure configuration of PAM external authentication service
|
|
|
|
This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM
|
|
:ref:`external authentication <acl-eauth>` is enabled. This issue involves
|
|
passing an alternative PAM authentication service with a command that is sent
|
|
to :ref:`LocalClient <local-client>`, enabling the attacker to bypass the
|
|
configured authentication service. Thank you to Dylan Frese <dmfrese@gmail.com>
|
|
for bringing this issue to our attention.
|
|
|
|
This update defines the PAM eAuth ``service`` that users authenticate against
|
|
in the Salt Master configuration.
|
|
|
|
(No additional fixes are contained in this release).
|
|
|