[SECURITY] Fedora 18 Update: puppet-3.1.1-1.fc18
updates at fedoraproject.org
updates at fedoraproject.org
Fri Aug 2 03:25:10 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-3935
2013-03-16 00:45:13
--------------------------------------------------------------------------------
Name : puppet
Product : Fedora 18
Version : 3.1.1
Release : 1.fc18
URL : http://puppetlabs.com
Summary : A network tool for managing many disparate systems
Description :
Puppet lets you centrally manage every important aspect of your system using a
cross-platform specification language that manages all the separate elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.
--------------------------------------------------------------------------------
Update Information:
Security release from upstream.
https://groups.google.com/group/puppet-announce/browse_thread/thread/7ff8326dc79257a1
update to 3.1.0 with proper handling of Systemd.
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2013 Michael Stahnke <stahnma at puppetlabs.com> - 3.1.1-1
- Fixes for CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654
- CVE-2013-1655 CVE-2013-2274 CVE-2013-2275
* Thu Mar 7 2013 Michael Stahnke <stahnma at puppetlabs.com> - 3.1.0-4
- Disable systemd in F18 as per bz#873853
- Update Patch0 to work with 3.1
* Thu Mar 7 2013 Daniel Drake <dsd at laptop.org> - 3.1.0-2
- Improve server compatibility with old puppet clients (#831303)
* Mon Feb 11 2013 Sam Kottler <shk at redhat.com> - 3.1.0-1
- Update to 3.1.0
* Tue Oct 30 2012 Moses Mendoza <moses at puppetlabs.com> - 3.0.2-1
- Update to 3.0.2
- Update new dependencies (ruby >= 1.8.7, facter >= 1.6.6, hiera >= 1.0.0)
- Update for manpage and file changes in upstream
- Add conditionals for systemd service management
- Remove 0001-Ruby-1.9.3-has-a-different-error-when-require-fails.patch
- Remove 0001-Preserve-timestamps-when-installing-files.patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #919770 - CVE-2013-1654 Puppet: SSL protocol downgrade
https://bugzilla.redhat.com/show_bug.cgi?id=919770
[ 2 ] Bug #919774 - CVE-2013-1653 Puppet: kick connection HTTP PUT request arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=919774
[ 3 ] Bug #919775 - CVE-2013-1655 Puppet: Master code loading Ruby symbols vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=919775
[ 4 ] Bug #919783 - CVE-2013-1640 Puppet: catalog request code execution
https://bugzilla.redhat.com/show_bug.cgi?id=919783
[ 5 ] Bug #919784 - CVE-2013-1652 Puppet: HTTP GET request catalog retrieval
https://bugzilla.redhat.com/show_bug.cgi?id=919784
[ 6 ] Bug #919785 - CVE-2013-2275 Puppet: default auth.conf allows authenticated node to submit a report for any other node
https://bugzilla.redhat.com/show_bug.cgi?id=919785
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update puppet' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list