Can we get a fix for Facter 1 as well since Puppet 2.7 requires Facter < 2? Or correct the Puppet RPM if that works.
Thanks, Trevor On Tue, Jun 10, 2014 at 2:20 PM, Sam Kottler <[email protected]> wrote: > Announce: Puppet 2.7.26 Available [ Security Release ] > > Puppet 2.7.26 is a security fix release in the Puppet 2.7 series. This > release addresses CVE-2014-3248. It has no other bug fixes or new > features. > > ** CVE-2014-3248 ** > Arbitrary Code Execution with Required Social Engineering > An attacker could convince an administrator to unknowingly create and > execute malicious code on platforms with Ruby 1.9.1 and earlier. > CVSSv2 Score: 5.9 > Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:U/RC:C > > Affected Puppet versions (ruby 1.9.1 and earlier only): > All > > Fixed Puppet versions: > 3.6.2 > 2.7.26 > > For more information on this vulnerability, please visit > https://puppetlabs.com/security/cve/cve-2014-3248 > > To report issues with the release, file a ticket in the "PUP" project > on http://tickets.puppetlabs.com/ and set the "Affects version/s" > field to "2.7.26" > > Puppet 2.7.26 Downloads > ------------------------------------------ > Source: https://downloads.puppetlabs.com/puppet/puppet-2.7.26.tar.gz > > Available in native package format in the Puppet Labs yum and apt > repositories: > http://yum.puppetlabs.com and http://apt.puppetlabs.com > > Gems are available via rubygems at > https://rubygems.org/downloads/puppet-2.7.26.gem > or by using `gem install puppet` > > Please note that there are no longer DMG's or MSI's available for the > 2.7 series. Users still on 2.7 using Puppet on OSX or Windows with the > aforementioned native packaging formats should upgrade to the 3.x > series as soon as possible. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CAPO4y0T5vPiGLjtgJsfLw4No4qSTSnMrwhaZd0vr1cCyBBKaSA%40mail.gmail.com > <https://groups.google.com/d/msgid/puppet-users/CAPO4y0T5vPiGLjtgJsfLw4No4qSTSnMrwhaZd0vr1cCyBBKaSA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 [email protected] -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANs%2BFoXRtwPiy1kxo2yh-Mg72ic1PoqJ3T_k78BM%3DcORmZf%3DJw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
