A vulnerability in win_useradd, salt-cloud and Linode driver were found: * win_useradd returned data including the password of the newly created user * salt-cloud debug output contained win_password and sudo_password authentication credentials * Linode driver displayed authentication credentials in debug logs Upstream patch: https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710 External reference: https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html https://docs.saltstack.com/en/latest/topics/releases/2015.5.6.html
Created salt tracking bugs for this issue: Affects: fedora-all [bug 1273068] Affects: epel-all [bug 1273070]
Created salt-cloud tracking bugs for this issue: Affects: fedora-all [bug 1273069] Affects: epel-all [bug 1273071]