The following issue has been SUBMITTED. ====================================================================== https://www.opencsw.org/mantis/view.php?id=5090 ====================================================================== Reported By: wcooley Assigned To: ====================================================================== Project: puppet Issue ID: 5090 Category: upgrade Reproducibility: N/A Severity: major Priority: normal Status: new ====================================================================== Date Submitted: 2013-07-11 00:43 CEST Last Modified: 2013-07-11 00:43 CEST ====================================================================== Summary: Upgrade Puppet to 2.7.22 due to security issues Description: Please upgrade Puppet to 2.7.22; dublin has only 2.7.14 and kiel has only 2.7.21.
Versions prior to 2.7.22 have the following vulnerability: "Unauthenticated Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-3567/ Prior to 2.7.21: "Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-1640/ "Unauthenticated Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-1655/ Prior to 2.7.18: "Arbitrary file read on the puppet master from authenticated clients" http://docs.puppetlabs.com/puppet/2.7/reference/release_notes.html#security-fixes There are several other security vulnerabilities covered in these releases, but these seemed to be the most pressing. ====================================================================== _______________________________________________ bug-notifications mailing list [email protected] https://lists.opencsw.org/mailman/listinfo/bug-notifications
