LWN.net

puppet: multiple vulnerabilities

Package(s): puppet
CVE #(s): CVE-2013-4761 CVE-2013-4956
Created: August 16, 2013
Updated: September 20, 2013
Description:

From the Ubuntu advisory:

It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files. (CVE-2013-4761)

It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with the permissions that existed when they were built, possibly exposing them to a local attacker. (CVE-2013-4956)

Alerts:
Ubuntu USN-1928-1 2013-08-15
Gentoo 201308-04 2013-08-23
Mageia MGASA-2013-0259 2013-08-26
Mandriva MDVSA-2013:222 2013-08-27
Debian DSA-2761-1 2013-09-19
Red Hat RHSA-2013:1283-01 2013-09-24
Red Hat RHSA-2013:1284-01 2013-09-24

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds