| |||||||||||||||||||
Fedora alert FEDORA-2012-10891 (puppet)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2012-10891 2012-07-20 01:26:38 -------------------------------------------------------------------------------- Name : puppet Product : Fedora 17 Version : 2.7.18 Release : 1.fc17 URL : http://puppetlabs.com Summary : A network tool for managing many disparate systems Description : Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. -------------------------------------------------------------------------------- Update Information: This is an upstream security release. It addresses a number of issues found in puppet-2.7.x. The Red Hat security team has rated this update as having low security impact. Refer to the upstream release notes and bugzilla entries for further details. http://projects.puppetlabs.com/projects/1/wiki/Release_No... NetworkManager compatibility should be improved in this release, thanks to Orion Poplawski (any bugs in implementing Orion's suggested dispatcher script are my own). -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 11 2012 Todd Zullinger <tmz@pobox.com> - 2.7.18-1 - Update to 2.7.17, fixes CVE-2012-3864, CVE-2012-3865, CVE-2012-3866, CVE-2012-3867 - Improve NetworkManager compatibility, thanks to Orion Poplawski (#532085) - Preserve timestamps when installing files -------------------------------------------------------------------------------- References: [ 1 ] Bug #839130 - CVE-2012-3864 puppet: authenticated clients allowed to read arbitrary files from the puppet master https://bugzilla.redhat.com/show_bug.cgi?id=839130 [ 2 ] Bug #839131 - CVE-2012-3865 puppet: authenticated clients allowed to delete arbitrary files on the puppet master https://bugzilla.redhat.com/show_bug.cgi?id=839131 [ 3 ] Bug #839135 - CVE-2012-3866 puppet: information leak via world readable last_run_report.yaml https://bugzilla.redhat.com/show_bug.cgi?id=839135 [ 4 ] Bug #839158 - CVE-2012-3867 puppet: insufficient validation of agent names in CN of SSL certificate requests https://bugzilla.redhat.com/show_bug.cgi?id=839158 [ 5 ] Bug #839166 - CVE-2012-3408 puppet: possible host impersonation when using certificates issues for IP address https://bugzilla.redhat.com/show_bug.cgi?id=839166 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update puppet' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-... (Log in to post comments)
|
|||||||||||||||||||