1.4 KiB
Salt 2015.5.10 Release Notes
- release
- 2015-03-22
Version 2015.5.10 is a bugfix release for 2015.5.0 <release-2015-5-0>.
Security Fix
CVE-2016-3176 Insecure configuration of PAM external authentication service
This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when
PAM external authentication <acl-eauth> is enabled.
This issue involves passing an alternative PAM authentication service
with a command that is sent to LocalClient <local-client>, enabling the
attacker to bypass the configured authentication service. Thank you to
Dylan Frese <dmfrese@gmail.com> for bringing this issue to our
attention.
This update defines the PAM eAuth service that users
authenticate against in the Salt Master configuration.
No additional fixes are included in this release.
Read Before Upgrading Debian 8 (Jessie) from Salt Versions Earlier than 2015.5.9
Salt systemd service files are missing the following
statement in these versions:
[Service]
KillMode=processThis statement must be added to successfully upgrade on these earlier versions of Salt.
Changelog for v2015.5.9..v2015.5.10
Generated at: 2018-05-27 22:39:26 UTC
69ba1de71dRemove ability of authenticating user to specify pam service