saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-16 09:40:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
salt/doc/topics/releases/2019.2.6.rst
Daniel Wozniak 023528b3b1
3002.1 (#58871) 
* Fix CVE-2020-16846

Stop calling Popen with shell=True to prevent shell injection attacks on
the netapi salt-ssh client.

* Add tests to verify strict permissions on private keys

* Set mode of key files to 0600 instead of leaving them world readable

* Apply pre-commit fixes

* Open files with proper permissions

* Add cve id to changelog

* Security docs updates with newer resource links

* Changelog/Releasenotes update 3001.2

* Add man_pages 3001.2

* cve-2020-17490 consistancy hotfix

* Tests and fix for CVE-2020-25592

* Update man pages 3001.3

* Clear up requirements for salt-api+ssh

* Add ssh_options to roster docs

* Update changelog / releasenotes 3001.3

* Do not overwrite master keys

salt-api should not overwrite the master's keys when it starts up. Give
salt-api it's own cache directory and set of keys.

* Update for 3002.1 Release

* Update releasenotes

* Fix typos and pre-commit

* Fix spelling issue

* Fix pre-commit

* Update 2019.2.6.rst

Fix doc

Co-authored-by: Jasper Lievisse Adriaanse <j@jasper.la>
Co-authored-by: ScriptAutomate <derek@icanteven.io>
Co-authored-by: Frode Gundersen <fgundersen@saltstack.com>
Co-authored-by: Ken Crowell <kcrowell@saltstack.com>
Co-authored-by: Sage the Rage <36676171+sagetherage@users.noreply.github.com>
2020-11-12 10:48:38 -07:00

360 B
Raw Blame History

Salt 2019.2.6 Release Notes

Version 2019.2.6 is a CVE fix release for 2019.2.0 <release-2019-2-0>.

Fixed

  • Prevent shell injections in netapi ssh client (cve-2020-16846)
  • Prevent creating world readable private keys with the tls execution module. (cve-2020-17490)