Security Update for salt

To: debian-backports-announce@lists.debian.org
Subject: Security Update for salt
From: Rhonda D'Vine <rhonda@debian.org>
Date: Wed, 5 Jul 2017 09:51:05 +0200
Message-id: <[🔎] 20170705075105.GA19276@anguilla.debian.or.at>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Al Nikolov uploaded new package for salt which fixed the
following security problem:

CVE-2017-8109
    The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4
    copied over configuration from the Salt Master without adjusting
    permissions, which might leak credentials to local attackers on
    configured minions (clients).

For the jessie-backports distribution the problems have been fixed in
version 2016.11.2+ds-1~bpo8+2.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEELHLzKO0XByBPs0mU3ugEPuF+uzAFAllckSkACgkQ3ugEPuF+
uzChmg//TSJB/r9qHl3eZ9Y12z3IE2nFEgS+1TVG3Fe298K8KyNw4CYMRIwCXoyY
W2SGhu7M/PTr05LGMC434AvGyLiMCB4f0CZmdTbBYk9pLYJUJ+IjJ+LqNaNlwvLE
2vyuUKwtYHk2F9aScKUrhaA07/yQNzbcllk5KyjEcRiEWQ3CcfjnEtGv9hRFOHbw
EP7ctHzOLw+zLt+TKsO2a0pvFzRv8FOSVZ/8DmQd/S3LtwhHemZrWsDTE9EHkH9t
2IGdXnBpg7gdXgQY1FaguMKyduNTPM5DLv6FCkGAlmDv2VG7D4/303AFMUIfklWA
woEyvm0R9bk/p23ftwduAC+zi2b9IwBFeLn+Arv8ArDOlbQaOMhSDTOTa34CX5iF
kZVQrAKbgdB0sAJ6Zj2BS+AKnd3cN9E3UG+3KGLOo+id4pTPyiJkAWXgRC/Skroe
B7Ayn399Evydzv+A/W3l4KxeMbhAp37Xm9w45aNcdQHIwEVO5VSZRTpIviEmb66D
+Z7gZV/+06rBkwssuwdClA839XUOoQidQGVWhNlRxNAA/Nssr5t+7zHWSp3Aa+ha
bYV6z+dTawAxCTMpG73nVdi5vFgSaTUmnQ0FHSjTRTVlMQPB4wVv/LWw3RKl48Hg
Fm/EAS/dwL/55bOyq3YU9rI//vCsOR5N21bU/a88lV3ILjRmn2s=
=CN5a
-----END PGP SIGNATURE-----

Reply to:

Next by Date: [BSA-116] Security Update for openvpn
Next by thread: [BSA-116] Security Update for openvpn
Index(es):
- Date
- Thread