Can we get a fix for Facter 1 as well since Puppet 2.7 requires Facter < 2? Or correct the Puppet RPM if that works.
Thanks, Trevor On Tue, Jun 10, 2014 at 2:20 PM, Sam Kottler <s...@kottlerdevelopment.com> wrote: > Announce: Puppet 2.7.26 Available [ Security Release ] > > Puppet 2.7.26 is a security fix release in the Puppet 2.7 series. This > release addresses CVE-2014-3248. It has no other bug fixes or new > features. > > ** CVE-2014-3248 ** > Arbitrary Code Execution with Required Social Engineering > An attacker could convince an administrator to unknowingly create and > execute malicious code on platforms with Ruby 1.9.1 and earlier. > CVSSv2 Score: 5.9 > Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:U/RC:C > > Affected Puppet versions (ruby 1.9.1 and earlier only): > All > > Fixed Puppet versions: > 3.6.2 > 2.7.26 > > For more information on this vulnerability, please visit > https://puppetlabs.com/security/cve/cve-2014-3248 > > To report issues with the release, file a ticket in the "PUP" project > on http://tickets.puppetlabs.com/ and set the "Affects version/s" > field to "2.7.26" > > Puppet 2.7.26 Downloads > ------------------------------------------ > Source: https://downloads.puppetlabs.com/puppet/puppet-2.7.26.tar.gz > > Available in native package format in the Puppet Labs yum and apt > repositories: > http://yum.puppetlabs.com and http://apt.puppetlabs.com > > Gems are available via rubygems at > https://rubygems.org/downloads/puppet-2.7.26.gem > or by using `gem install puppet` > > Please note that there are no longer DMG's or MSI's available for the > 2.7 series. Users still on 2.7 using Puppet on OSX or Windows with the > aforementioned native packaging formats should upgrade to the 3.x > series as soon as possible. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CAPO4y0T5vPiGLjtgJsfLw4No4qSTSnMrwhaZd0vr1cCyBBKaSA%40mail.gmail.com > <https://groups.google.com/d/msgid/puppet-users/CAPO4y0T5vPiGLjtgJsfLw4No4qSTSnMrwhaZd0vr1cCyBBKaSA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/CANs%2BFoXRtwPiy1kxo2yh-Mg72ic1PoqJ3T_k78BM%3DcORmZf%3DJw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
