diff options
author | Graham Christensen <graham@grahamc.com> | 2017-02-08 21:24:10 -0500 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2017-02-08 21:24:10 -0500 |
commit | 379144f54b2fa0e1568f72d58860393a1e09b92d (patch) | |
tree | dbd8cdc9877fc45baa2acea3159d76174d878416 | |
parent | e01278b2de9dcb8acf7846a5119b2ec9df2924fc (diff) | |
download | nixlib-379144f54b2fa0e1568f72d58860393a1e09b92d.tar nixlib-379144f54b2fa0e1568f72d58860393a1e09b92d.tar.gz nixlib-379144f54b2fa0e1568f72d58860393a1e09b92d.tar.bz2 nixlib-379144f54b2fa0e1568f72d58860393a1e09b92d.tar.lz nixlib-379144f54b2fa0e1568f72d58860393a1e09b92d.tar.xz nixlib-379144f54b2fa0e1568f72d58860393a1e09b92d.tar.zst nixlib-379144f54b2fa0e1568f72d58860393a1e09b92d.zip |
salt: 2016.3.3 -> 2016.11.2 for multiple CVEs
From the Arch Linux advisory: - CVE-2017-5192 (arbitrary code execution): The `LocalClient.cmd_batch()` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already- authenticated users and is only in effect when running salt-api as the `root` user. - CVE-2017-5200 (arbitrary command execution): Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled.
-rw-r--r-- | pkgs/tools/admin/salt/default.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pkgs/tools/admin/salt/default.nix b/pkgs/tools/admin/salt/default.nix index 3386ed86a2a0..786e3f64cda1 100644 --- a/pkgs/tools/admin/salt/default.nix +++ b/pkgs/tools/admin/salt/default.nix @@ -8,11 +8,11 @@ python2Packages.buildPythonApplication rec { name = "salt-${version}"; - version = "2016.3.3"; + version = "2016.11.2"; src = fetchurl { url = "mirror://pypi/s/salt/${name}.tar.gz"; - sha256 = "1djjglnh6203y8dirziz5w6zh2lgszxp8ivi86nb7fgijj2h61jr"; + sha256 = "0hrss5x47cr7ffyjl8jlkhf9j88lqvg7c33rjc5bimck8b7x7hzm"; }; propagatedBuildInputs = with python2Packages; [ |