summary refs log tree commit diff
path: root/pkgs/tools/admin/salt
diff options
context:
space:
mode:
authorGraham Christensen <graham@grahamc.com>2017-02-08 21:24:10 -0500
committerGraham Christensen <graham@grahamc.com>2017-02-08 21:24:10 -0500
commit379144f54b2fa0e1568f72d58860393a1e09b92d (patch)
treedbd8cdc9877fc45baa2acea3159d76174d878416 /pkgs/tools/admin/salt
parente01278b2de9dcb8acf7846a5119b2ec9df2924fc (diff)
downloadnixpkgs-379144f54b2fa0e1568f72d58860393a1e09b92d.tar
nixpkgs-379144f54b2fa0e1568f72d58860393a1e09b92d.tar.gz
nixpkgs-379144f54b2fa0e1568f72d58860393a1e09b92d.tar.bz2
nixpkgs-379144f54b2fa0e1568f72d58860393a1e09b92d.tar.lz
nixpkgs-379144f54b2fa0e1568f72d58860393a1e09b92d.tar.xz
nixpkgs-379144f54b2fa0e1568f72d58860393a1e09b92d.tar.zst
nixpkgs-379144f54b2fa0e1568f72d58860393a1e09b92d.zip
salt: 2016.3.3 -> 2016.11.2 for multiple CVEs
From the Arch Linux advisory:

- CVE-2017-5192 (arbitrary code execution): The
  `LocalClient.cmd_batch()` method client does not accept
  `external_auth` credentials and so access to it from salt-api has
  been removed for now. This vulnerability allows code execution for
  already- authenticated users and is only in effect when running
  salt-api as the `root` user.

- CVE-2017-5200 (arbitrary command execution): Salt-api allows
  arbitrary command execution on a salt-master via Salt's ssh_client.
  Users of Salt-API and salt-ssh could execute a command on the salt
  master via a hole when both systems were enabled.
Diffstat (limited to 'pkgs/tools/admin/salt')
-rw-r--r--pkgs/tools/admin/salt/default.nix4
1 files changed, 2 insertions, 2 deletions
diff --git a/pkgs/tools/admin/salt/default.nix b/pkgs/tools/admin/salt/default.nix
index 3386ed86a2a..786e3f64cda 100644
--- a/pkgs/tools/admin/salt/default.nix
+++ b/pkgs/tools/admin/salt/default.nix
@@ -8,11 +8,11 @@
 
 python2Packages.buildPythonApplication rec {
   name = "salt-${version}";
-  version = "2016.3.3";
+  version = "2016.11.2";
 
   src = fetchurl {
     url = "mirror://pypi/s/salt/${name}.tar.gz";
-    sha256 = "1djjglnh6203y8dirziz5w6zh2lgszxp8ivi86nb7fgijj2h61jr";
+    sha256 = "0hrss5x47cr7ffyjl8jlkhf9j88lqvg7c33rjc5bimck8b7x7hzm";
   };
 
   propagatedBuildInputs = with python2Packages; [
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-10 21:50:07 +0000