[SECURITY] Fedora 19 Update: puppet-3.4.2-1.fc19

updates at fedoraproject.org updates at fedoraproject.org
Thu Jan 23 11:13:28 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-0850
2014-01-15 04:31:36
--------------------------------------------------------------------------------

Name        : puppet
Product     : Fedora 19
Version     : 3.4.2
Release     : 1.fc19
URL         : http://puppetlabs.com
Summary     : A network tool for managing many disparate systems
Description :
Puppet lets you centrally manage every important aspect of your system using a
cross-platform specification language that manages all the separate elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.

--------------------------------------------------------------------------------
Update Information:

Update to 3.4.2 to mitigate CVE-2013-4969
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Sam Kottler <skottler at fedoraproject.org> - 3.4.2-1
- Update to 3.4.2 to mitigate CVE-2013-4969 (BZ#1047792)
* Fri Oct 25 2013 Sam Kottler <skottler at fedoraproject.org> - 3.3.1-1
- Update to 3.3.1 (BZ# 1023527)
* Fri Sep 13 2013 Sam Kottler <skottler at fedoraproject.org> - 3.3.0-1
- Update to 3.3.0 and remove the rundir-perms patch since it's no longer needed
* Fri Aug 30 2013 Sam Kottler <skottler at fedoraproject.org> - 3.2.4-1
- Update to 3.2.4 to fix CVE-2013-4761 and CVE-2013-4956
* Thu Aug 29 2013 Sam Kottler <skottler at fedoraproject.org> - 3.2.2-1
- Update to 3.2.2
* Wed Aug  7 2013 Sam Kottler <skottler at fedoraproject.org> - 3.1.1-6
- Add tar as an installation requirement
* Tue Jul 30 2013 Orion Poplawski <orion at cora.nwra.com> - 3.1.1-5
- Use systemd semantics and name in NM dispatcher script
* Fri Jul 26 2013 Sam Kottler <skottler at fedoraproject.org> - 3.1.1-5
- Add hard dependency on ruby
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1047792 - CVE-2013-4969 Puppet: Unsafe use of Temp files in File type [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1047792
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update puppet' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list