AVG-438 log
| Package | salt |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 2017.7.1-1 |
| Fixed | 2017.7.2-1 |
| Current | 3007.0-1 [extra] |
| Ticket | None |
| Created | Mon Oct 9 19:52:21 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-14696 | Medium | Yes | Denial of service | It has been discovered that salt incorrectly handled IDs with null bytes in decoded payloads. A specially crafted authentication request will crash the... |
| CVE-2017-14695 | Medium | Yes | Directory traversal | It has been discovered that maliciously crafted minion IDs can cause unwanted directory traversals on the salt-master. The flaw is within the minion id... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 09 Oct 2017 | ASA-201710-12 | salt | multiple issues |
| References |
|---|
https://groups.google.com/forum/#!topic/salt-announce/X8ZiQrZLujA |