2015.8.8.2 was released shortly after 2015.8.8 to fix several
known issues. If you installed 2015.8.8 before 03/30/2016, you likely have
installed 2015.8.8 and can optionally upgrade (find out which version you
have installed using
salt --version. The latest version is
Salt 2015.8.8.2 includes fixes for the following known issues in 2015.8.8:
issue 32183 prevents Salt Cloud from installing the Salt minion
on new systems. To workaround this issue, call
salt-cloud -u to update the
bootstrap script to the latest version.
CVE-2016-3176: Insecure configuration of PAM external authentication service
This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM external authentication is enabled. This issue involves passing an alternative PAM authentication service with a command that is sent to LocalClient, enabling the attacker to bypass the configured authentication service. Thank you to Dylan Frese <firstname.lastname@example.org> for bringing this issue to our attention.
This update defines the PAM eAuth
service that users authenticate against
in the Salt Master configuration.
Before you upgrade from 2015.8.7 on Debian 7, you must run the following commands to remove previous packages:
sudo apt-get remove python-pycrypto sudo apt-get remove python-apache-libcloud
python-pycrypto will likely remove
the second command might not be necessary. These have been replaced by
python-libcloud with ~bpo70+1 moniker.
systemd service files are missing the following statement in these versions:
This statement must be added to successfully upgrade on these earlier versions of Salt.
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-03-17T21:03:44Z
Total Merges: 312