0005090: Upgrade Puppet to 2.7.22 due to security issues

Mantis - puppet
Viewing Issue Advanced Details

ID:	Category:	Severity:	Reproducibility:	Date Submitted:	Last Update:
5090	upgrade	major	N/A	2013-07-11 00:43	2013-07-12 02:18

Reporter:	wcooley	Platform:
Assigned To:	markp	OS:
Priority:	normal	OS Version:
Status:	closed	Product Version:
Product Build:		Resolution:	fixed
Projection:	none
ETA:	none	Fixed in Version:

Summary:	0005090: Upgrade Puppet to 2.7.22 due to security issues
Description:	Please upgrade Puppet to 2.7.22; dublin has only 2.7.14 and kiel has only 2.7.21. Versions prior to 2.7.22 have the following vulnerability: "Unauthenticated Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-3567/ [^] Prior to 2.7.21: "Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-1640/ [^] "Unauthenticated Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-1655/ [^] Prior to 2.7.18: "Arbitrary file read on the puppet master from authenticated clients" http://docs.puppetlabs.com/puppet/2.7/reference/release_notes.html#security-fixes [^] There are several other security vulnerabilities covered in these releases, but these seemed to be the most pressing.
Steps To Reproduce:
Additional Information:
Relationships
Attached Files:

Issue History
Date Modified	Username	Field	Change
2013-07-11 00:43	wcooley	New Issue
2013-07-11 19:35	markp	Status	new => assigned
2013-07-11 19:35	markp	Assigned To	=> markp
2013-07-11 19:35	markp	Status	assigned => acknowledged
2013-07-11 19:38	markp	Note Added: 0010490
2013-07-11 19:38	markp	Status	acknowledged => closed
2013-07-11 19:38	markp	Resolution	open => fixed
2013-07-12 02:18	maciej	Note Added: 0010491

Notes