Security advisory: Use of the 'port' parameter with puppetlabs-firewall could cause unexpectedly permissive firewall rules.
Assessed Risk Level: Medium Previous versions of the README for the puppetlabs-firewall module contained examples of configurations using the 'port' parameter instead of referencing 'dport' and 'sport'. Following these examples explicitly could result in firewall rules that are unintentionally permissive. It is recommended to always use the specific 'dport' and 'sport' parameters. With the puppetlabs-firewall 1.7.1 release, the 'port' parameter is now deprecated and will be removed in the next major release. If any manifests using puppetlabs-firewall's firewall resource are configured to use the 'port' parameter, users should update those manifests to use the specific 'dport' or 'sport' parameters instead. Please see https://puppetlabs.com/security/cve/puppetlabs-firewall-aug-2015-advisory for more information. Geoff Nichols Puppet Labs *PuppetConf 2015 <http://2015.puppetconf.com/> is coming to Portland, Oregon! Join us October 5-9.* *Register now to take advantage of the Final Countdown discount <https://www.eventbrite.com/e/puppetconf-2015-october-5-9-register-now-its-the-final-countdown-tickets-13115894995?discount=FinalCountdown> * *—**save $149!* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBwDbVvFP-LN-G33jSPKH04Y6Ju3E44Eznt6rqJcFhP%3DRA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
