[Bug 809839] New: Multiple vulnerabilities in puppet framework versions not vulnerable 2.6.18 2.7.21 3.1.1
https://bugzilla.novell.com/show_bug.cgi?id=809839
https://bugzilla.novell.com/show_bug.cgi?id=809839#c0

Summary: Multiple vulnerabilities in puppet framework versions not vulnerable 2.6.18 2.7.21 3.1.1
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: All
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: boris@steki.net
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0

Security Disclosures

CVE-2013-2275 – Incorrect Default Report ACL Vulnerability
    Resolved in Puppet 2.6.18, 2.7.21, 3.1.1, Puppet Enterprise 1.2.7, 2.7.2
CVE-2013-2274 – Remote Code Execution Vulnerability
    Resolved in Puppet 2.6.18, Puppet Enterprise 1.2.7
CVE-2013-1655 – Unauthenticated Remote Code Execution Vulnerability
    Resolved in Puppet 2.7.21, 3.1.1
CVE-2013-1654 – SSL Protocol Downgrade Vulnerability
    Resolved in Puppet 2.6.18, 2.7.21, 3.1.1, Puppet Enterprise 1.2.7, 2.7.2
CVE-2013-1653 – Agent Remote Code Execution Vulnerability
    Resolved in Puppet 2.7.21, 3.1.1, Puppet Enterprise 2.7.2
CVE-2013-1652 – Insufficient Input Validation Vulnerability
    Resolved in Puppet 2.6.18, 2.7.21, 3.1.1, Puppet Enterprise 1.2.7, 2.7.2
CVE-2013-1640 – Remote Code Execution Vulnerability
    Resolved in Puppet 2.6.18, 2.7.21, 3.1.1, Puppet Enterprise 1.2.7, 2.7.2
CVE-2013-0277 – Rails (ActiveRecord) YAML Serialization Vulnerability
    Puppet Enterprise Hotfixes for Puppet Enterprise 1.2.6, and 2.7.1
CVE-2013-0269 – JSON Unsafe Object Creation Vulnerability
    Puppet Enterprise Hotfixes for Puppet Enterprise 1.2.6, and 2.7.1
CVE-2013-0263 – Rack Timing Attack Vulnerability
    Puppet Enterprise Hotfixes for Puppet Enterprise 1.2.6, and 2.7.1
CVE-2013-0169 – OpenSSL Lucky Thirteen Vulnerability
    Puppet Enterprise Hotfixes for Puppet Enterprise 1.2.6, and 2.7.1
CVE-2013-1399 – Console CSRF Vulnerability
    Resolved in Puppet Enterprise 2.7.1
CVE-2013-1398 – MCO Private Key Leak
    Resolved in Puppet Enterprise 2.7.1
CVE-2013-0333 – Rails JSON Parser Vulnerability
    Puppet Enterprise Hotfixes for Puppet Enterprise 1.2.5, and 2.7.0

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

Info about vulnerabilities and errata can be seen at https://puppetlabs.com/security/
Boris Manojlovic
https://bugzilla.novell.com/show_bug.cgi?id=809839
https://bugzilla.novell.com/show_bug.cgi?id=809839#c1
--- Comment #1 from Boris Manojlovic