Bug 1090665 (CVE-2017-7893)

Summary: VUL-0: CVE-2017-7893: salt: In Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master
Product: [Novell Products] SUSE Security Incidents
Reporter: Karol Babioch <karol>
Component: Incidents
Assignee: E-Mail List <salt-maintainers>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P5 - None
CC: kkaempf, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/204757/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Karol Babioch 2018-04-24 08:17:06 UTC
CVE-2017-7893

In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the
salt-master.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7893
https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html

Comment 1 Klaus Kämpf 2018-04-24 08:29:39 UTC
Salt 2016.11.7 is the currently maintained version.