[bug-notifications] [puppet 0005090]: Upgrade Puppet to 2.7.22 due to security issues
Mantis Bug Tracker
noreply at opencsw.org
Thu Jul 11 19:35:34 CEST 2013
The following issue has been ASSIGNED.
======================================================================
https://www.opencsw.org/mantis/view.php?id=5090
======================================================================
Reported By: wcooley
Assigned To: markp
======================================================================
Project: puppet
Issue ID: 5090
Category: upgrade
Reproducibility: N/A
Severity: major
Priority: normal
Status: assigned
======================================================================
Date Submitted: 2013-07-11 00:43 CEST
Last Modified: 2013-07-11 19:35 CEST
======================================================================
Summary: Upgrade Puppet to 2.7.22 due to security issues
Description:
Please upgrade Puppet to 2.7.22; dublin has only 2.7.14 and kiel has only
2.7.21.
Versions prior to 2.7.22 have the following vulnerability:
"Unauthenticated Remote Code Execution Vulnerability"
http://puppetlabs.com/security/cve/cve-2013-3567/
Prior to 2.7.21:
"Remote Code Execution Vulnerability"
http://puppetlabs.com/security/cve/cve-2013-1640/
"Unauthenticated Remote Code Execution Vulnerability"
http://puppetlabs.com/security/cve/cve-2013-1655/
Prior to 2.7.18:
"Arbitrary file read on the puppet master from authenticated clients"
http://docs.puppetlabs.com/puppet/2.7/reference/release_notes.html#security-fixes
There are several other security vulnerabilities covered in these releases,
but these seemed to be the most pressing.
======================================================================
More information about the bug-notifications
mailing list