An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "salt-cloud": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1", "salt-common": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1", "salt-syndic": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1", "salt-ssh": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1", "salt-master": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1", "salt-doc": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1", "salt-api": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1", "salt-minion": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1", "salt-proxy": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1" } ] }