Mantis - puppet
|
|||||
Viewing Issue Advanced Details | |||||
|
|||||
ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
5090 | upgrade | major | N/A | 2013-07-11 00:43 | 2013-07-12 02:18 |
|
|||||
Reporter: | wcooley | Platform: | |||
Assigned To: | markp | OS: | |||
Priority: | normal | OS Version: | |||
Status: | closed | Product Version: | |||
Product Build: | Resolution: | fixed | |||
Projection: | none | ||||
ETA: | none | Fixed in Version: | |||
|
|||||
Summary: | 0005090: Upgrade Puppet to 2.7.22 due to security issues | ||||
Description: |
Please upgrade Puppet to 2.7.22; dublin has only 2.7.14 and kiel has only 2.7.21. Versions prior to 2.7.22 have the following vulnerability: "Unauthenticated Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-3567/ [^] Prior to 2.7.21: "Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-1640/ [^] "Unauthenticated Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-1655/ [^] Prior to 2.7.18: "Arbitrary file read on the puppet master from authenticated clients" http://docs.puppetlabs.com/puppet/2.7/reference/release_notes.html#security-fixes [^] There are several other security vulnerabilities covered in these releases, but these seemed to be the most pressing. |
||||
Steps To Reproduce: | |||||
Additional Information: | |||||
Relationships | |||||
Attached Files: | |||||
|
|||||
Issue History | |||||
Date Modified | Username | Field | Change | ||
2013-07-11 00:43 | wcooley | New Issue | |||
2013-07-11 19:35 | markp | Status | new => assigned | ||
2013-07-11 19:35 | markp | Assigned To | => markp | ||
2013-07-11 19:35 | markp | Status | assigned => acknowledged | ||
2013-07-11 19:38 | markp | Note Added: 0010490 | |||
2013-07-11 19:38 | markp | Status | acknowledged => closed | ||
2013-07-11 19:38 | markp | Resolution | open => fixed | ||
2013-07-12 02:18 | maciej | Note Added: 0010491 |
Notes | |||||
|
|||||
|
|
||||
|
|||||
|
|