AVG-438

Package salt
Status Fixed
Severity Medium
Type multiple issues
Affected 2017.7.1-1
Fixed 2017.7.2-1
Current 2018.3.3-2 [community]
Ticket None
Created Mon Oct 9 19:52:21 2017
Issue Severity Remote Type Description
CVE-2017-14696 Medium Yes Denial of service
It has been discovered that salt incorrectly handled IDs with null bytes in decoded payloads. A specially crafted authentication request will crash the...
CVE-2017-14695 Medium Yes Directory traversal
It has been discovered that maliciously crafted minion IDs can cause unwanted directory traversals on the salt-master. The flaw is within the minion id...
Date Advisory Package Description
09 Oct 2017 ASA-201710-12 salt multiple issues
References
https://groups.google.com/forum/#!topic/salt-announce/X8ZiQrZLujA