Facter 2.0.2 is a security fix release in the Facter 2 series. This release addresses CVE-2014-3248. It has no other bug fixes or new features. All users of Facter 2.0.1 and earlier are encouraged to update to 2.0.2.
** CVE-2014-3248 ** Arbitrary Code Execution with Required Social Engineering An attacker could convince an administrator to unknowingly create and execute malicious code on platforms with Ruby 1.9.1 and earlier. CVSSv2 Score: 5.2 Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C Affected Facter versions (ruby 1.9.1 and earlier only): 2.x 1.6.x Fixed Facter versions: 2.0.2 See the Release Notes here: http://docs.puppetlabs.com/facter/2.0/release_notes.html#facter-202 For more information on this vulnerability, please visit https://puppetlabs.com/security/cve/cve-2014-3248 To report issues with the release, file a ticket in the "FACT" project on http://tickets.puppetlabs.com/ and set the "Affects version/s" field to "2.0.2" -- Moses Mendoza Puppet Labs Join us at PuppetConf 2014, September 20-24 in San Francisco Register by July 31st to take advantage of the Early Bird discount —save $249! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2B421WYT1owqbQdHQDeSEvb_9o_1zfErQ89%3DOH5qHn%2BtkfquZw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
