[SECURITY] Fedora EPEL 6 Update: puppet-2.6.6-3.el6

updates at fedoraproject.org
Sun Oct 16 21:00:49 UTC 2011


--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-4568
2011-10-01 00:51:17
--------------------------------------------------------------------------------

Name        : puppet
Product     : Fedora EPEL 6
Version     : 2.6.6
Release     : 3.el6
URL         : http://puppetlabs.com
Summary     : A network tool for managing many disparate systems
Description :
Puppet lets you centrally manage every important aspect of your system using a
cross-platform specification language that manages all the separate elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.

--------------------------------------------------------------------------------
Update Information:

The following vulnerabilities have been discovered and fixed:

* CVE-2011-3870, a symlink attack via a user's SSH authorized_keys file
* CVE-2011-3869, a symlink attack via a user's .k5login file
* CVE-2011-3871, a privilege escalation attack via the temp file used by the puppet resource application
* A low-risk file indirector injection attack

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb

A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application.  For Fedora and EPEL, this is the puppet user.

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
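
For the two symlink issues listed above (CVE-2011-3870 and CVE-2011-3869), an administrator may want to audit managed hosts for authorized_keys or .k5login files that are symbolic links. The function below is an added example, not part of the original notice or of puppet itself; the name audit_home_links is hypothetical, and it assumes home directories sit directly under one root such as /home.

```shell
#!/bin/sh
# Added example (not from the advisory): report per-user files named in
# CVE-2011-3870 / CVE-2011-3869 that are symbolic links.
# Assumption: every home directory is a direct child of HOME_ROOT.

# audit_home_links [HOME_ROOT]
#   Prints "SYMLINK <path> -> <target>" for each ~/.ssh, ~/.ssh/authorized_keys
#   or ~/.k5login that is a symlink (dangling links included).
#   Returns 0 when nothing is found, 1 when at least one link is reported.
audit_home_links() {
    root=${1:-/home}
    found=0
    for home in "$root"/*; do
        # Skip plain files and the unexpanded glob of an empty root.
        [ -d "$home" ] || continue
        for rel in .ssh .ssh/authorized_keys .k5login; do
            path=$home/$rel
            # -L tests the link itself and does not follow it.
            if [ -L "$path" ]; then
                printf 'SYMLINK %s -> %s\n' "$path" "$(readlink "$path")"
                found=1
            fi
        done
    done
    return "$found"
}
```

Source the file and run `audit_home_links /home` as root; a symlink is not proof of abuse, so review each reported target before letting puppet manage that file again.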
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update puppet' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------