[bug-notifications] [puppet 0005090]: Upgrade Puppet to 2.7.22 due to security issues

Mantis Bug Tracker noreply at opencsw.org
Thu Jul 11 00:43:48 CEST 2013


The following issue has been SUBMITTED. 
====================================================================== 
https://www.opencsw.org/mantis/view.php?id=5090 
====================================================================== 
Reported By:                wcooley
Assigned To:                
====================================================================== 
Project:                    puppet
Issue ID:                   5090
Category:                   upgrade
Reproducibility:            N/A
Severity:                   major
Priority:                   normal
Status:                     new
====================================================================== 
Date Submitted:             2013-07-11 00:43 CEST
Last Modified:              2013-07-11 00:43 CEST
====================================================================== 
Summary:                    Upgrade Puppet to 2.7.22 due to security issues
Description: 
Please upgrade Puppet to 2.7.22; dublin has only 2.7.14 and kiel has only
2.7.21.

Versions prior to 2.7.22 have the following vulnerability:
"Unauthenticated Remote Code Execution Vulnerability"
  http://puppetlabs.com/security/cve/cve-2013-3567/

Prior to 2.7.21:
"Remote Code Execution Vulnerability"
  http://puppetlabs.com/security/cve/cve-2013-1640/

"Unauthenticated Remote Code Execution Vulnerability"
  http://puppetlabs.com/security/cve/cve-2013-1655/

Prior to 2.7.18:
"Arbitrary file read on the puppet master from authenticated clients"
 
http://docs.puppetlabs.com/puppet/2.7/reference/release_notes.html#security-fixes

There are several other security vulnerabilities covered in these releases,
but these seemed to be the most pressing.
======================================================================



More information about the bug-notifications mailing list