
Bug 633868 (CVE-2017-14695, CVE-2017-14696)

Summary: <app-admin/salt-{2016.3.8, 2016.11.8, 2017.7.2}: multiple vulnerabilities
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: chutzpah
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
Whiteboard: ~2 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 627928
Bug Blocks:

Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-09 17:53:19 UTC
CVE-2017-14695 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14695):
  Directory traversal vulnerability in minion id validation in SaltStack.
  Allows remote minions with incorrect credentials to authenticate to a master
  via a crafted minion ID.

CVE-2017-14696 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14696):
  Remote Denial of Service with a specially crafted authentication request.
Comment 1 Larry the Git Cow gentoo-dev 2017-10-12 01:56:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b197479f09b76b5949257698be5d61963c4bf19

commit 1b197479f09b76b5949257698be5d61963c4bf19
Author:     Patrick McLean <chutzpah@gentoo.org>
AuthorDate: 2017-10-12 01:54:37 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2017-10-12 01:56:13 +0000

    app-admin/salt: Version bump to 2016.3.8
    
    Bug: https://bugs.gentoo.org/633868
    Package-Manager: Portage-2.3.11, Repoman-2.3.3

 app-admin/salt/Manifest             |   1 +
 app-admin/salt/salt-2016.3.8.ebuild | 147 ++++++++++++++++++++++++++++++++++++
 2 files changed, 148 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3f64b31e3f0527ad788ec0dcab65c92178fbcea

commit d3f64b31e3f0527ad788ec0dcab65c92178fbcea
Author:     Patrick McLean <chutzpah@gentoo.org>
AuthorDate: 2017-10-12 01:18:42 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2017-10-12 01:56:11 +0000

    app-admin/salt: Version bump to 2017.11.8
    
    Bug: https://bugs.gentoo.org/633868
    Package-Manager: Portage-2.3.11, Repoman-2.3.3

 app-admin/salt/Manifest              |   1 +
 app-admin/salt/salt-2016.11.8.ebuild | 146 +++++++++++++++++++++++++++++++++++
 2 files changed, 147 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d082e7a9c6c822343f67951dbbcb180714bc1699

commit d082e7a9c6c822343f67951dbbcb180714bc1699
Author:     Patrick McLean <chutzpah@gentoo.org>
AuthorDate: 2017-10-12 01:11:16 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2017-10-12 01:56:10 +0000

    app-admin/salt: Version bump to 2017.7.2
    
    Bug: https://bugs.gentoo.org/633868
    
    Package-Manager: Portage-2.3.11, Repoman-2.3.3

 app-admin/salt/Manifest             |   1 +
 app-admin/salt/salt-2017.7.2.ebuild | 140 ++++++++++++++++++++++++++++++++++++
 2 files changed, 141 insertions(+)
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2017-10-28 14:05:19 UTC
@maintainer, please clean up. This also depends on the other comments in bug #627928
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-01-25 00:53:39 UTC
Tree is clean.