379144f54b
From the Arch Linux advisory: - CVE-2017-5192 (arbitrary code execution): The `LocalClient.cmd_batch()` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already- authenticated users and is only in effect when running salt-api as the `root` user. - CVE-2017-5200 (arbitrary command execution): Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled. |
||
---|---|---|
.. | ||
analog | ||
awslogs | ||
certbot | ||
cli53 | ||
daemontools | ||
dehydrated | ||
google-cloud-sdk | ||
gtk-vnc | ||
lxd | ||
nxproxy | ||
salt | ||
sec | ||
simp_le | ||
tigervnc | ||
tightvnc |