[SECURITY] Fedora 20 Update: puppet-3.4.2-1.fc20

updates at fedoraproject.org updates at fedoraproject.org
Thu Jan 23 11:10:28 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-0825
2014-01-15 04:30:39
--------------------------------------------------------------------------------

Name        : puppet
Product     : Fedora 20
Version     : 3.4.2
Release     : 1.fc20
URL         : http://puppetlabs.com
Summary     : A network tool for managing many disparate systems
Description :
Puppet lets you centrally manage every important aspect of your system using a
cross-platform specification language that manages all the separate elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.

--------------------------------------------------------------------------------
Update Information:

Update to 3.4.2 to mitigate CVE-2013-4969
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Sam Kottler <skottler at fedoraproject.org> - 3.4.2-1
- Update to 3.4.2 to mitigate CVE-2013-4969 (BZ#1047792)
* Mon Nov 18 2013 Sam Kottler <skottler at fedoraproject.org> - 3.3.2-1
- Update to 3.3.2 (BZ#1031810)
* Sat Nov 16 2013 Sam Kottler <skottler at fedoraproject.org> - 3.3.1-3
- Add patch to convert nil resource parameter values to undef (BZ#1028930)
* Fri Nov  1 2013 Lukas Zapletal <lzap+rpm[@]redhat.com> - 3.3.1-2
- Added SELinux wrappers for daemon processes
* Mon Oct  7 2013 Orion Poplawski <orion at cora.nwra.com> - 3.3.1-1
- Update to 3.3.1
* Fri Sep 13 2013 Sam Kottler <skottler at fedoraproject.org> - 3.3.0-1
- Update to 3.3.0 and remove the rundir-perms patch since it's no longer needed
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1047792 - CVE-2013-4969 Puppet: Unsafe use of Temp files in File type [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1047792
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update puppet' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list