The following issue has been CLOSED ====================================================================== https://www.opencsw.org/mantis/view.php?id=5090 ====================================================================== Reported By: wcooley Assigned To: markp ====================================================================== Project: puppet Issue ID: 5090 Category: upgrade Reproducibility: N/A Severity: major Priority: normal Status: closed Resolution: open Fixed in Version: ====================================================================== Date Submitted: 2013-07-11 00:43 CEST Last Modified: 2013-07-11 19:38 CEST ====================================================================== Summary: Upgrade Puppet to 2.7.22 due to security issues Description: Please upgrade Puppet to 2.7.22; dublin has only 2.7.14 and kiel has only 2.7.21.
Versions prior to 2.7.22 have the following vulnerability: "Unauthenticated Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-3567/ Prior to 2.7.21: "Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-1640/ "Unauthenticated Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-1655/ Prior to 2.7.18: "Arbitrary file read on the puppet master from authenticated clients" http://docs.puppetlabs.com/puppet/2.7/reference/release_notes.html#security-fixes There are several other security vulnerabilities covered in these releases, but these seemed to be the most pressing. ====================================================================== ---------------------------------------------------------------------- (0010490) markp (manager) - 2013-07-11 19:38 https://www.opencsw.org/mantis/view.php?id=5090#c10490 ---------------------------------------------------------------------- Umm, live catalog has 2.7.22.... http://www.opencsw.org/packages/CSWpuppet/ _______________________________________________ bug-notifications mailing list [email protected] https://lists.opencsw.org/mailman/listinfo/bug-notifications
