—

PYSEC-2014-18

Details

Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / salt

Introduced in: 0 Fixed in: 2014.1.10

Fix pip install --upgrade 'salt>=2014.1.10'

References

http://seclists.org/oss-sec/2014/q3/428 [WEB]
http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html [WEB]
http://www.securityfocus.com/bid/69319 [WEB]
https://exchange.xforce.ibmcloud.com/vulnerabilities/95392 [WEB]
https://github.com/advisories/GHSA-mfr3-9cj8-h2qm [ADVISORY]