valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-07 08:58:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
dae65da256
salt/doc/topics/releases/2015.8.13.rst
Erik Johnson 93ee5ee2b0
Fix all Sphinx warnings 
Well, all but one, which we expect to see
2018-05-31 15:28:25 -05:00

26 lines
880 B
ReStructuredText
Raw Blame History

============================
Salt 2015.8.13 Release Notes
============================
Version 2015.8.13 is a bugfix release for :ref:`2015.8.0 <release-2015-8-0>`.
Security Fixes
==============
**CVE-2017-5192** local_batch client external authentication not respected
The ``LocalClient.cmd_batch()`` method client does not accept ``external_auth``
credentials and so access to it from salt-api has been removed for now. This
vulnerability allows code execution for already-authenticated users and is only
in effect when running salt-api as the ``root`` user.
**CVE-2017-5200** Salt-api allows arbitrary command execution on a salt-master
via Salt's ssh_client
Users of Salt-API and salt-ssh could execute a command on the salt master via a
hole when both systems were enabled.
We recommend everyone on the 2015.8 branch upgrade to a patched release as soon
as possible.
Reference in New Issue View Git Blame Copy Permalink