Joined: 12 May 2004
|Posted: Fri Aug 23, 2013 6:26 pm Post subject: [ GLSA 201308-04 ] Puppet: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: Puppet: Multiple vulnerabilities (GLSA 201308-04)
Date: August 23, 2013
Bug(s): #456002, #461656, #473720, #481186
Multiple vulnerabilities have been found in Puppet, the worst of
which could lead to execution of arbitrary code.
Puppet is a system configuration management tool written in Ruby.
Vulnerable: < 2.7.23
Unaffected: >= 2.7.23
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in Puppet. Please review
the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
There is no known workaround at this time.
All Puppet users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/puppet-2.7.23"
Last edited by GLSA on Mon Aug 26, 2013 4:31 am; edited 1 time in total
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum