suse · CVE-2016-1866

Quick triage

Priority: high Published: 2021-05-30 13:38:35 UTC Updated: 2025-11-05 04:33:57 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-1866 severity important: SUSE including 380 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 504 product×package rows across 35 product lines (SUSE CaaS Platform 3.0, SUSE Enterprise Storage 7.1, … (35 product lines)): Known Affected 231, Known Not Affected 139, Fixed 134.

Description:

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.

cvelogic Threat Intelligence