Summary: | <app-admin/salt-2014.1.10: Insecure tmp-file creation in seed.py, salt-ssh, and salt-cloud (CVE-2014-3563) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | chutzpah |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2014/08/21/9 | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-08-21 17:48:22 UTC
CVE-2014-3563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3563): Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud. Old versions are now removed from the tree. (In reply to Patrick McLean from comment #2) > Old versions are now removed from the tree. Much appreciated, thanks. No stabilized versions, closing noglsa. |