=========================
Salt 0.17.1 Release Notes
=========================

:release: 2013-10-17

.. note::

    THIS RELEASE IS NOT COMPATIBLE WITH PREVIOUS VERSIONS. If you update your
    master to 0.17.1, you must update your minions as well. Sorry for the
    inconvenience -- this is a result of one of the security fixes listed
    below.

The 0.17.1 release comes with a number of improvements to salt-ssh, many
bugfixes, and a number of security updates.

Salt SSH has been improved to be faster, more featureful and more secure.
Since the original release of Salt SSH was primarily a proof of concept, it has
been very exciting to see its rapid adoption. We appreciate the willingness of
security experts to review Salt SSH and help discover oversights and ensure
that security issues only exist for such a tiny window of time.

SSH Enhancements
================

Shell Improvements
------------------

Improvements to Salt SSH's communication have been added that improve routine
execution regardless of the target system's login shell.

Performance
-----------

Deployment of routines is now faster and takes fewer commands to execute.

Security Updates
================

Be advised that these security issues all apply to a small subset of Salt
users and mostly apply to Salt SSH.

Insufficient Argument Validation
--------------------------------

This issue allowed a user with limited privileges to embed executions inside
routines in order to execute routines that should be restricted. This applies
to users using external auth or client ACL and opening up specific routines.

Be advised that these patches address the direct issue. Additional commits have
been applied to help prevent this issue from resurfacing.

CVE
~~~

CVE-2013-4435

Affected Versions
~~~~~~~~~~~~~~~~~

0.15.0 - 0.17.0

Patches
~~~~~~~

https://github.com/saltstack/salt/commit/6d8ef68b605fd63c36bb8ed96122a75ad2e80269
https://github.com/saltstack/salt/commit/ebdef37b7e5d2b95a01d34b211c61c61da67e46a
https://github.com/saltstack/salt/commit/7f190ff890e47cdd591d9d7cefa5126574660824
https://github.com/saltstack/salt/commit/8e5afe59cef6743fe5dbd510dcf463dbdfca1ced
https://github.com/saltstack/salt/commit/aca78f314481082862e96d4f0c1b75fa382bb885
https://github.com/saltstack/salt/commit/6a9752cdb1e8df2c9505ea910434c79d132eb1e2
https://github.com/saltstack/salt/commit/b73677435ba54ecfc93c1c2d840a7f9ba6f53410
https://github.com/saltstack/salt/commit/07972eb0a6f985749a55d8d4a2e471596591c80d
https://github.com/saltstack/salt/commit/1e3f197726aa13ac5c3f2416000089f477f489b5

Found By
~~~~~~~~

Feth Arezki, of Majerti

MITM SSH attack in salt-ssh
---------------------------

SSH host keys were being accepted by default and not enforced on future SSH
connections. These patches enable SSH host key checking by default; the check
can be overridden by passing the ``-i`` flag to ``salt-ssh``.

CVE
~~~

CVE-2013-4436

Affected Versions
~~~~~~~~~~~~~~~~~

0.17.0

Found By
~~~~~~~~

Michael Scherer, Red Hat

Insecure Usage of /tmp in salt-ssh
----------------------------------

The initial release of salt-ssh used the /tmp directory in an insecure way.
These patches not only secure usage of files under /tmp in salt-ssh, but
also add checksum validation for all packages sent into the now secure
locations on target systems.

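The two parts of the fix described above (an unpredictable private staging location and checksum validation before a transferred package is used), as an added Python example that is not Salt's own code; the function names, the ``package.tgz`` file name and the sample bytes are constructed for illustration:

```python
"""Stage a transferred archive in a private directory, accepting it only if its
checksum matches. Added example; not Salt's code. Names are illustrative."""
import hashlib
import hmac
import os
import stat
import tempfile


def sha256_hex(data: bytes) -> str:
    """Digest the sending side computes and transmits alongside the package."""
    return hashlib.sha256(data).hexdigest()


def stage_package(data: bytes, expected_sha256: str) -> str:
    """Write data to a fresh 0700 directory; refuse it on checksum mismatch.

    Nothing touches the filesystem until the digest has been verified, and the
    directory comes from mkdtemp, so no other local user can pre-create or
    symlink the path the way a fixed, predictable /tmp/<name> allowed.
    """
    if not hmac.compare_digest(sha256_hex(data), expected_sha256.lower()):
        raise ValueError("checksum mismatch: refusing to stage package")
    stage_dir = tempfile.mkdtemp(prefix="salt-stage-")
    target = os.path.join(stage_dir, "package.tgz")
    # O_EXCL fails if anything already exists at the path (e.g. a planted
    # symlink); 0o600 keeps the archive readable by this user only.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def verify_staged(path: str, expected_sha256: str) -> bool:
    """Re-check before use: regular file (not a symlink), private mode, digest ok."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode) or stat.S_IMODE(st.st_mode) & 0o077:
        return False
    with open(path, "rb") as fh:
        return hmac.compare_digest(sha256_hex(fh.read()), expected_sha256.lower())


if __name__ == "__main__":
    payload = b"constructed stand-in for a salt-thin tarball"   # sample input
    digest = sha256_hex(payload)
    staged = stage_package(payload, digest)
    print(staged, verify_staged(staged, digest))                 # True
    try:
        stage_package(payload + b"tampered", digest)
    except ValueError as exc:
        print(exc)
```

The checksum is compared before any write, so a tampered package never reaches the target system's disk at all.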
CVE
~~~

CVE-2013-4438

Affected Versions
~~~~~~~~~~~~~~~~~

0.17.0

Patches
~~~~~~~

https://github.com/saltstack/salt/commit/aa4bb77ef230758cad84381dde0ec660d2dc340a
https://github.com/saltstack/salt/commit/8f92b6b2cb2e4ec3af8783eb6bf4ff06f5a352cf
https://github.com/saltstack/salt/commit/c58e56811d5a50c908df0597a0ba0b643b45ebfd
https://github.com/saltstack/salt/commit/0359db9b46e47614cff35a66ea6a6a76846885d2
https://github.com/saltstack/salt/commit/4348392860e0fd43701c331ac3e681cf1a8c17b0
https://github.com/saltstack/salt/commit/664d1a1cac05602fad2693f6f97092d98a72bf61
https://github.com/saltstack/salt/commit/bab92775a576e28ff9db262f32db9cf2375bba87
https://github.com/saltstack/salt/commit/c6d34f1acf64900a3c87a2d37618ff414e5a704e

Found By
~~~~~~~~

Michael Scherer, Red Hat

YAML Calling Unsafe Loading Routine
-----------------------------------

It has been argued that this is not a valid security issue, as the YAML loading
that was happening was only being called after an initial gateway filter in
Salt had already safely loaded the YAML and would fail if non-safe routines
were embedded. Nonetheless, the CVE was filed and patches applied.

CVE
~~~

CVE-2013-4438

Patches
~~~~~~~

https://github.com/saltstack/salt/commit/339b0a51befae6b6b218ebcb55daa9cd3329a1c5

Found By
~~~~~~~~

Michael Scherer, Red Hat

Failure to Drop Supplementary Group on Salt Master
--------------------------------------------------

If a salt master was started as a non-root user by the root user, root's
groups would still be applied to the running process. This fix changes the
process to have only the groups of the running user.

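The behaviour the fix restores, as an added Python example that is not Salt's own code: reset the supplementary group list while still root, then change gid and uid, and a check that reports any groups a running process holds beyond those of its user. Function names and the sample gids are constructed.

```python
"""Switch a root-started daemon to an unprivileged user without inheriting
root's supplementary groups. Added example; not Salt's code. Names are mine."""
import os
import pwd
from typing import Iterable, List, Set


def target_groups(username: str) -> List[int]:
    """Exactly the groups the target user is entitled to: primary gid plus the
    supplementary groups the group database lists for that user."""
    pw = pwd.getpwnam(username)
    return sorted(set(os.getgrouplist(username, pw.pw_gid)))


def stray_groups(current: Iterable[int], allowed: Iterable[int]) -> Set[int]:
    """Groups the process holds that the target user should not have. Non-empty
    means the supplementary list was inherited from the launching root user."""
    return set(current) - set(allowed)


def drop_to_user(username: str) -> None:
    """Order matters: reset supplementary groups while still root, then the
    primary gid, then the uid (after setuid there is no way back)."""
    pw = pwd.getpwnam(username)
    allowed = target_groups(username)
    os.setgroups(allowed)          # replaces the inherited list wholesale
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
    # Fail closed rather than keep running with extra group access.
    leftover = stray_groups(os.getgroups(), allowed)
    if leftover:
        raise RuntimeError("supplementary groups not dropped: %r" % sorted(leftover))


def audit_running_process() -> Set[int]:
    """Detection check for an already running daemon: which of its groups do
    not belong to its effective user. Equivalent to comparing the Groups:
    line of /proc/<pid>/status against the user's entry in the group database."""
    user = pwd.getpwuid(os.geteuid()).pw_name
    return stray_groups(os.getgroups(), target_groups(user))


if __name__ == "__main__":
    # Constructed values: a process that kept root's groups (0, 4 = adm,
    # 27 = sudo on Debian-style systems) after switching to uid/gid 1000.
    print(sorted(stray_groups([0, 4, 27, 1000], [1000])))   # [0, 4, 27]
    print(audit_running_process())
```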
CVE
~~~

CVE not considered necessary by submitter.

Affected Versions
~~~~~~~~~~~~~~~~~

0.11.0 - 0.17.0

Patches
~~~~~~~

https://github.com/saltstack/salt/commit/b89fa9135822d029795ab1eecd68cce2d1ced715

Found By
~~~~~~~~

Michael Scherer, Red Hat

Failure to Validate Minions Posting Data
----------------------------------------

This issue allowed a minion to pose as another authorized minion when posting
data such as the mine data. All minions now pass through the id challenge
before posting such data.

CVE
~~~

CVE-2013-4439

Affected Versions
~~~~~~~~~~~~~~~~~

0.15.0 - 0.17.0

Patches
~~~~~~~

https://github.com/saltstack/salt/commit/7b850ff3d07ef6782888914ac4556c01e8a1c482
https://github.com/saltstack/salt/commit/151759b2a1e1c6ce29277aa81b054219147f80fd

Found By
~~~~~~~~

David Anderson

Fix Reference
=============

Version 0.17.1 is the first bugfix release for :doc:`0.17.0
</topics/releases/0.17.0>`. The changes include:

- Fix symbolic links in thin.tgz (:issue:`7482`)
- Pass env through to file.patch state (:issue:`7452`)
- Service provider fixes and reporting improvements (:issue:`7361`)
- Add ``--priv`` option for specifying salt-ssh private key
- Fix salt-thin's salt-call on setuptools installations (:issue:`7516`)
- Fix salt-ssh to support passwords with spaces (:issue:`7480`)
- Fix regression in wildcard includes (:issue:`7455`)
- Fix salt-call outputter regression (:issue:`7456`)
- Fix custom returner support for startup states (:issue:`7540`)
- Fix value handling in augeas (:issue:`7605`)
- Fix regression in apt (:issue:`7624`)
- Fix minion ID guessing to use ``socket.getfqdn()`` first (:issue:`7558`)
- Add minion ID caching (:issue:`7558`)
- Fix salt-key race condition (:issue:`7304`)
- Add ``--include-all`` flag to salt-key (:issue:`7399`)
- Fix custom grains in pillar (part of :issue:`5716`, :issue:`6083`)
- Fix race condition in salt-key (:issue:`7304`)
- Fix regression in minion ID guessing, prioritize ``socket.getfqdn()``
  (:issue:`7558`)
- Cache minion ID on first guess (:issue:`7558`)
- Allow trailing slash in ``file.directory`` state
- Fix reporting of file_roots in pillar return (:issue:`5449` and
  :issue:`5951`)
- Remove pillar matching for mine.get (:issue:`7197`)
- Sanitize args for multiple execution modules
- Fix yumpkg mod_repo functions to filter hidden args (:issue:`7656`)
- Fix conflicting IDs in state includes (:issue:`7526`)
- Fix mysql_grants.absent string formatting issue (:issue:`7827`)
- Fix postgres.version so it won't return None (:issue:`7695`)
- Fix for trailing slashes in mount.mounted state
- Fix rogue AttributeErrors in the outputter system (:issue:`7845`)
- Fix for incorrect ssh key encodings resulting in incorrect key added
  (:issue:`7718`)
- Fix for pillar/grains naming regression in python renderer (:issue:`7693`)
- Fix args/kwargs handling in the scheduler (:issue:`7422`)
- Fix logfile handling for ``file://``, ``tcp://``, and ``udp://`` (:issue:`7754`)
- Fix error handling in config file parsing (:issue:`6714`)
- Fix RVM using sudo when running as non-root user (:issue:`2193`)
- Fix client ACL and underlying logging bugs (:issue:`7706`)
- Fix scheduler bug with returner (:issue:`7367`)
- Fix user management bug related to default groups (:issue:`7690`)
- Fix various salt-ssh bugs (:issue:`7528`)
- Many documentation fixes