| Summary: | <app-admin/salt-2014.1.10: Insecure tmp-file creation in seed.py, salt-ssh, and salt-cloud (CVE-2014-3563) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | chutzpah |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2014/08/21/9 | ||
| Whiteboard: | ~4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
CVE-2014-3563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3563): Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud. Old versions are now removed from the tree. (In reply to Patrick McLean from comment #2) > Old versions are now removed from the tree. Much appreciated, thanks. No stabilized versions, closing noglsa. |
From ${URL} : We are pleased to announce the 2014.1.10 release of Salt. The release notes can be found here: http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html The sources are available on pypi: https://pypi.python.org/pypi/salt/2014.1.10 Salt 2014.1.10 fixes security issues documented by CVE-2014-3563: Insecure tmp-file creation in seed.py, salt-ssh, and salt-cloud. Upgrading is recommended. @maintainer(s): since the fixed version is already in the tree, please remove the affected versions.