Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
nee2c
/
salt
peilaus alkaen https://github.com/nee2c/salt.git
1
0
Fork 0
Tiedostot Ongelmat 0 Wiki
Puu: 34e17e8139
Haarat Tagit
salt
/
doc
/
topics
/
releases
/
2016.3.8.rst

2016.3.8.rst 923 B
Historia Raaka

123456789101112131415161718192021222324252627282930 
  1. ===========================
    2. 

  2. Salt 2016.3.8 Release Notes
    3. 

  3. ===========================
    4. 

  4. 

  5. Version 2016.3.8 is a bugfix release for :ref:`2016.3.0 <release-2016-3-0>`.
    6. 

  6. 

  7. 

  8. Security Fix
    9. 

  9. ============
    10. 

  10. 

  11. **CVE-2017-14695** Directory traversal vulnerability in minion id validation in
    12. 

  12. SaltStack. Allows remote minions with incorrect credentials to authenticate to
    13. 

  13. a master via a crafted minion ID. Credit for discovering the security flaw goes
    14. 

  14. to: Julian Brost (julian@0x4a42.net)
    15. 

  15. 

  16. **CVE-2017-14696** Remote Denial of Service with a specially crafted
    17. 

  17. authentication request. Credit for discovering the security flaw goes to:
    18. 

  18. Julian Brost (julian@0x4a42.net)
    19. 

  19. 

  20. 

  21. Changelog for v2016.3.7..v2016.3.8
    22. 

  22. ==================================
    23. 

  23. 

  24. *Generated at: 2018-05-27 14:11:36 UTC*
    25. 

  25. 

  26. * 8cf08bd7be Update 2016.3.7 Release Notes
    27. 

  27. 

  28. * 0425defe84 Do not allow IDs with null bytes in decoded payloads
    29. 

  29. 

  30. * 31b38f50eb Don't allow path separators in minion ID
    31.