Anonymous | Login | 2024-04-26 03:24 CEST |
Main | My View | View Issues |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0005090 | [puppet] upgrade | major | N/A | 2013-07-11 00:43 | 2013-07-12 02:18 | ||
Reporter | wcooley | View Status | public | ||||
Assigned To | markp | ||||||
Priority | normal | Resolution | fixed | ||||
Status | closed | ||||||
Summary | 0005090: Upgrade Puppet to 2.7.22 due to security issues | ||||||
Description |
Please upgrade Puppet to 2.7.22; dublin has only 2.7.14 and kiel has only 2.7.21. Versions prior to 2.7.22 have the following vulnerability: "Unauthenticated Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-3567/ [^] Prior to 2.7.21: "Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-1640/ [^] "Unauthenticated Remote Code Execution Vulnerability" http://puppetlabs.com/security/cve/cve-2013-1655/ [^] Prior to 2.7.18: "Arbitrary file read on the puppet master from authenticated clients" http://docs.puppetlabs.com/puppet/2.7/reference/release_notes.html#security-fixes [^] There are several other security vulnerabilities covered in these releases, but these seemed to be the most pressing. |
||||||
Additional Information | |||||||
Tags | No tags attached. | ||||||
Attached Files | |||||||
|
Notes | |
(0010490) markp (developer) 2013-07-11 19:38 |
Umm, live catalog has 2.7.22.... http://www.opencsw.org/packages/CSWpuppet/ [^] |
(0010491) maciej (reporter) 2013-07-12 02:18 |
I think the problem the reporter was referring to, is the combination of these two things: 1. curl -s http://www.opencsw.org/get-it/releases/ [^] | grep -i production <p>As of 2012, dublin is recommended for production systems.</p> 2. curl -s http://mirror.opencsw.org/opencsw/dublin/i386/5.10/catalog [^] | awk '$1 == "puppet" { print $4 }' puppet-2.7.14,REV=2012.05.03-SunOS5.9-all-CSW.pkg.gz |
Copyright © 2000 - 2008 Mantis Group |