Mailinglist Archive: opensuse-updates (56 mails)

< Previous Next >
openSUSE-SU-2012:0891-1: moderate: puppet for multiple issues
openSUSE Security Update: puppet for multiple issues
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0891-1
Rating: moderate
References: #770827 #770828 #770829 #770833
Cross-References: CVE-2012-3864 CVE-2012-3865 CVE-2012-3866
CVE-2012-3867
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

puppet was updated to fix various security issues: CVEs
fixed:
- bnc#770828 - CVE-2012-3864: puppet: authenticated clients
can read arbitrary files via a flaw in puppet master
- bnc#770829 - CVE-2012-3865: puppet: arbitrary file delete
/ Denial of Service on Puppet Master by authenticated
clients
- bnc#770827 - CVE-2012-3866: puppet: last_run_report.yaml
left world-readable
- bnc#770833 - CVE-2012-3867: puppet: insufficient input
validation for agent certificate names

- using the new stable version, 2.6.17, which only receives
security fixes.
- Removed runlevel 4.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-407

- openSUSE 11.4:

zypper in -t patch openSUSE-2012-407

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.1 (i586 x86_64):

puppet-2.7.6-1.10.1
puppet-server-2.7.6-1.10.1

- openSUSE 11.4 (i586 x86_64):

puppet-2.6.17-26.1
puppet-server-2.6.17-26.1


References:

http://support.novell.com/security/cve/CVE-2012-3864.html
http://support.novell.com/security/cve/CVE-2012-3865.html
http://support.novell.com/security/cve/CVE-2012-3866.html
http://support.novell.com/security/cve/CVE-2012-3867.html
https://bugzilla.novell.com/770827
https://bugzilla.novell.com/770828
https://bugzilla.novell.com/770829
https://bugzilla.novell.com/770833


< Previous Next >
This Thread
  • No further messages