|
|
Log in / Subscribe / Register

Ubuntu alert USN-8153-1 (salt)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8153-1] Salt vulnerabilities


Date:
              Tue, 07 Apr 2026 14:34:49 +0000


Message-ID:
              <E1wA7Vx-0001Lw-2u@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8153-1
April 07, 2026

salt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Salt.

Software Description:
- salt: Infrastructure management built on a dynamic communication bus

Details:

Zach Malone discovered that Salt did not properly handle permissions to cache
data. A local attacker could possibly use this issue to obtain sensitive
information. (CVE-2015-8034)
Dylan Frese discovered that Salt incorrectly allowed users to specify PAM
service. An attacker could possibly use this issue to bypass authentication.
(CVE-2016-3176)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  salt-common                     0.17.5+ds-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro
  salt-master                     0.17.5+ds-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro
  salt-minion                     0.17.5+ds-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8153-1
  CVE-2015-8034, CVE-2016-3176




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnVFYQACgkQcpJm3tlz
hgFRWA//Q+cxwGRpNiPooC91/CPLSw3kau5iyXaOKtD8BsNyGz2YHHZQLzCK2Zzn
UeNrR+ZHQllIKHMTvLYv8Aj2/pyJQ7ZnMck0ud9rK2UjwVa6HGjMr1Un1kovqDD4
Rm+FY9OSjShHET/MzyuE5/dzwrl1pJwmnqiJOL9/rDBYYQIlB+fXlsG1/As9jjfO
qmiSb8urSzedK07aKLbbhaLB6K6NbQojmvM68a8kDgnH8os9I3eFgWlcwUD3MMK6
pwtv5hsh323aEt/CwKm2esaBpA0/cqpnO4wJJ2y6/9swy8JQfBt49slpvM8TRhnO
0W6ddPnv1Oaom0REUdwVrIrld4XEDEQElyMQoz4WZOQWqnmeDC1SJTpb5pkp7Lnj
IYg/tn6f65ouWRln04QDO6rJvkqnsPChkrFWmoY09jBIT3nDMSex4TvJ+fy9pDl8
p1x0L59NklZ5rctJuntcO5EKTCQXOdvs3VnS6fd6yVrsfp1qaKhopJNGyPU6w7ti
hsPFjr0IMBb6AtCNEJNS4A9y2BOKdEvk8x3AWif7FWD4Otp6mnaDmWB4i770ayu2
O6G65MTQZ9PxInK3p8M4thMuJQK9l7FHOLuOePxC/jhM25424K708ftr/NI+iNmM
Q3XP5TPkN+65YdQyDQzrha5CCJ9QfXQXr4jWpC+1lX5R2YhCB3o=
=TzLp
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds