[bug-notifications] [puppet 0005090]: Upgrade Puppet to 2.7.22 due to security issues
Mantis Bug Tracker
noreply at opencsw.org
Thu Jul 11 19:38:23 CEST 2013
The following issue has been CLOSED
======================================================================
https://www.opencsw.org/mantis/view.php?id=5090
======================================================================
Reported By: wcooley
Assigned To: markp
======================================================================
Project: puppet
Issue ID: 5090
Category: upgrade
Reproducibility: N/A
Severity: major
Priority: normal
Status: closed
Resolution: open
Fixed in Version:
======================================================================
Date Submitted: 2013-07-11 00:43 CEST
Last Modified: 2013-07-11 19:38 CEST
======================================================================
Summary: Upgrade Puppet to 2.7.22 due to security issues
Description:
Please upgrade Puppet to 2.7.22; dublin has only 2.7.14 and kiel has only
2.7.21.
Versions prior to 2.7.22 have the following vulnerability:
"Unauthenticated Remote Code Execution Vulnerability"
http://puppetlabs.com/security/cve/cve-2013-3567/
Prior to 2.7.21:
"Remote Code Execution Vulnerability"
http://puppetlabs.com/security/cve/cve-2013-1640/
"Unauthenticated Remote Code Execution Vulnerability"
http://puppetlabs.com/security/cve/cve-2013-1655/
Prior to 2.7.18:
"Arbitrary file read on the puppet master from authenticated clients"
http://docs.puppetlabs.com/puppet/2.7/reference/release_notes.html#security-fixes
There are several other security vulnerabilities covered in these releases,
but these seemed to be the most pressing.
======================================================================
----------------------------------------------------------------------
(0010490) markp (manager) - 2013-07-11 19:38
https://www.opencsw.org/mantis/view.php?id=5090#c10490
----------------------------------------------------------------------
Umm, live catalog has 2.7.22....
http://www.opencsw.org/packages/CSWpuppet/