Ubuntu Security Notices USN-8153-1 USN-8153-1: Salt vulnerabilities Publication date 7 April 2026 Overview Several security issues were fixed in Salt. Releases 14.04 LTS Open side navigation Close side navigation Packages Details Update instructions References Packages salt - Infrastructure management built on a dynamic communication bus Details Zach Malone discovered that Salt did not properly handle permissions to cache data. A local attacker could possibly use this issue to obtain sensitive information. ( CVE-2015-8034 ) Dylan Frese discovered that Salt incorrectly allowed users to specify PAM service. An attacker could possibly use this issue to bypass authentication. ( CVE-2016-3176 ) Zach Malone discovered that Salt did not properly handle permissions to cache data. A local attacker could possibly use this issue to obtain sensitive information. ( CVE-2015-8034 ) Dylan Frese discovered that Salt incorrectly allowed users to specify PAM service. An attacker could possibly use this issue to bypass authentication. ( CVE-2016-3176 ) Update instructions In general, a standard system update will make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 14.04 LTS trusty salt-common – 0.17.5+ds-1ubuntu0.1~esm5 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. salt-master – 0.17.5+ds-1ubuntu0.1~esm5 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. salt-minion – 0.17.5+ds-1ubuntu0.1~esm5 Ubuntu Pro Fix available with Ubuntu Pro via Legacy Support add-on. Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2016-3176 CVE-2015-8034 CVE-2016-3176 CVE-2015-8034