openSUSE Security Update: update for puppet
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0835-1
Rating:             moderate
References:         #747657 #755869 #755870 #755871 #755872
Cross-References:   CVE-2012-1053 CVE-2012-1054 CVE-2012-1986
                    CVE-2012-1987 CVE-2012-1988 CVE-2012-1989
Affected Products:
                    openSUSE 11.4
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

   - Fixed bnc#747657: CVE-2012-1053, CVE-2012-1054: improper
     privilege dropping and file handling flaws
     This was done by updating to the new version in stable
     branch. The stable branch receives only security fixes and
     this update does not provide any new features.
   - Fixed bnc#755869 CVE-2012-1988: Filebucket arbitrary code
     execution
   - Fixed bnc#755872 CVE-2012-1986: Arbitrary File Read
   - Fixed bnc#755870 CVE-2012-1987: Denial of Service
   - Fixed bnc#755871 CVE-2012-1989: Arbitrary File Write

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch openSUSE-2012-369

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 11.4 (i586 x86_64):

      puppet-2.6.16-4.23.1
      puppet-server-2.6.16-4.23.1

References:

   http://support.novell.com/security/cve/CVE-2012-1053.html
   http://support.novell.com/security/cve/CVE-2012-1054.html
   http://support.novell.com/security/cve/CVE-2012-1986.html
   http://support.novell.com/security/cve/CVE-2012-1987.html
   http://support.novell.com/security/cve/CVE-2012-1988.html
   http://support.novell.com/security/cve/CVE-2012-1989.html
   https://bugzilla.novell.com/747657
   https://bugzilla.novell.com/755869
   https://bugzilla.novell.com/755870
   https://bugzilla.novell.com/755871
   https://bugzilla.novell.com/755872