DebianDEBIAN:BSA-050:58D2F[BSA-050] Security Update for puppet
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
78.1%
I've uploaded new packages for puppet which fixed the following security
problems:
CVE-2011-3848
Resist directory traversal attacks through indirections.
In various versions of Puppet it was possible to cause a directory
traversal attack through the SSLFile indirection base class. This was
variously triggered through the user-supplied key, or the Subject of
the certificate, in the code.
For the squeeze-backports distribution the problems have been fixed in
version 2.7.1-1~bpo60+2.
micah
–
Attachment:
pgpEZJw86rwIp.pgp
Description: PGP signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 6 | all | puppet | < 2.6.2-5+squeeze1 | puppet_2.6.2-5+squeeze1_all.deb |
| Debian | 6 | all | vim-puppet | < 2.6.2-5+squeeze1 | vim-puppet_2.6.2-5+squeeze1_all.deb |
| Debian | 6 | all | puppet-common | < 2.6.2-5+squeeze1 | puppet-common_2.6.2-5+squeeze1_all.deb |
| Debian | 6 | all | puppet-testsuite | < 2.6.2-5+squeeze1 | puppet-testsuite_2.6.2-5+squeeze1_all.deb |
| Debian | 6 | all | puppet-el | < 2.6.2-5+squeeze1 | puppet-el_2.6.2-5+squeeze1_all.deb |
| Debian | 6 | all | puppetmaster | < 2.6.2-5+squeeze1 | puppetmaster_2.6.2-5+squeeze1_all.deb |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
78.1%