CVE-2016-1866 (retired)

Priority
Description
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on
the minion, which allows man-in-the-middle attackers to execute arbitrary
code by inserting packets into the minion-master data stream.
Package
Source: salt (LP Ubuntu Debian)
Upstream:released (2015.8.5+ds-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2015.8.8+ds-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
More Information

Updated: 2019-08-23 09:09:34 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)