--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-3935
2013-03-16 00:45:13
--------------------------------------------------------------------------------

Name        : puppet
Product     : Fedora 18
Version     : 3.1.1
Release     : 1.fc18
URL         : http://puppetlabs.com
Summary     : A network tool for managing many disparate systems
Description :
Puppet lets you centrally manage every important aspect of your system using a
cross-platform specification language that manages all the separate elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.

--------------------------------------------------------------------------------
Update Information:

Security release from upstream.
https://groups.google.com/group/puppet-announce/browse_thread/thread/7ff8326dc79257a1

update to 3.1.0 with proper handling of Systemd.
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 13 2013 Michael Stahnke <[email protected]> - 3.1.1-1
- Fixes for CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654
- CVE-2013-1655 CVE-2013-2274 CVE-2013-2275
* Thu Mar  7 2013 Michael Stahnke <[email protected]> - 3.1.0-4
- Disable systemd in F18 as per bz#873853
- Update Patch0 to work with 3.1
* Thu Mar  7 2013 Daniel Drake <[email protected]> - 3.1.0-2
- Improve server compatibility with old puppet clients (#831303)
* Mon Feb 11 2013 Sam Kottler <[email protected]> - 3.1.0-1
- Update to 3.1.0
* Tue Oct 30 2012 Moses Mendoza <[email protected]> - 3.0.2-1
- Update to 3.0.2
- Update new dependencies (ruby >= 1.8.7, facter >= 1.6.6, hiera >= 1.0.0)
- Update for manpage and file changes in upstream
- Add conditionals for systemd service management
- Remove 0001-Ruby-1.9.3-has-a-different-error-when-require-fails.patch
- Remove 0001-Preserve-timestamps-when-installing-files.patch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #919770 - CVE-2013-1654 Puppet: SSL protocol downgrade
        https://bugzilla.redhat.com/show_bug.cgi?id=919770
  [ 2 ] Bug #919774 - CVE-2013-1653 Puppet: kick connection HTTP PUT request arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=919774
  [ 3 ] Bug #919775 - CVE-2013-1655 Puppet: Master code loading Ruby symbols vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=919775
  [ 4 ] Bug #919783 - CVE-2013-1640 Puppet: catalog request code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=919783
  [ 5 ] Bug #919784 - CVE-2013-1652 Puppet: HTTP GET request catalog retrieval
        https://bugzilla.redhat.com/show_bug.cgi?id=919784
  [ 6 ] Bug #919785 - CVE-2013-2275 Puppet: default auth.conf allows authenticated node to submit a report for any other node
        https://bugzilla.redhat.com/show_bug.cgi?id=919785
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update puppet' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
