[SECURITY] Fedora 20 Update: puppet-3.4.2-1.fc20
updates at fedoraproject.org
updates at fedoraproject.org
Thu Jan 23 11:10:28 UTC 2014
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-0825
2014-01-15 04:30:39
--------------------------------------------------------------------------------
Name : puppet
Product : Fedora 20
Version : 3.4.2
Release : 1.fc20
URL : http://puppetlabs.com
Summary : A network tool for managing many disparate systems
Description :
Puppet lets you centrally manage every important aspect of your system using a
cross-platform specification language that manages all the separate elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.
--------------------------------------------------------------------------------
Update Information:
Update to 3.4.2 to mitigate CVE-2013-4969
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2014 Sam Kottler <skottler at fedoraproject.org> - 3.4.2-1
- Update to 3.4.2 to mitigate CVE-2013-4969 (BZ#1047792)
* Mon Nov 18 2013 Sam Kottler <skottler at fedoraproject.org> - 3.3.2-1
- Update to 3.3.2 (BZ#1031810)
* Sat Nov 16 2013 Sam Kottler <skottler at fedoraproject.org> - 3.3.1-3
- Add patch to convert nil resource parameter values to undef (BZ#1028930)
* Fri Nov 1 2013 Lukas Zapletal <lzap+rpm[@]redhat.com> - 3.3.1-2
- Added SELinux wrappers for daemon processes
* Mon Oct 7 2013 Orion Poplawski <orion at cora.nwra.com> - 3.3.1-1
- Update to 3.3.1
* Fri Sep 13 2013 Sam Kottler <skottler at fedoraproject.org> - 3.3.0-1
- Update to 3.3.0 and remove the rundir-perms patch since it's no longer needed
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1047792 - CVE-2013-4969 Puppet: Unsafe use of Temp files in File type [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1047792
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update puppet' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list