drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Zertifikaten in Puppet
Name: |
Mangelnde Prüfung von Zertifikaten in Puppet |
|
ID: |
FEDORA-2011-14880 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 16 |
|
Datum: |
Sa, 19. November 2011, 07:35 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3872 |
|
Applikationen: |
Puppet |
|
Originalnachricht |
Name : puppet Product : Fedora 16 Version : 2.6.12 Release : 1.fc16 URL : http://puppetlabs.com Summary : A network tool for managing many disparate systems Description : Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files.
------------------------------------------------------------------------------- - Update Information:
A bug in puppet's SSL certificate handling could allow nodes with a valid certificate to impersonate the puppet master. To be vulnerable, a user would have had to set the certdnsnames variable and generated certificates. This setting is not set by default in the Fedora/EPEL packages.
This update closes the vulnerability in newly generated certificates, but cannot prevent existing certificates from being used to exploit the vulnerability. Please refer to the upstream documentation for more details on mitigation and remediation of this issue, if you have generate certificates that are vulnerable to this issue:
http://puppetlabs.com/security/cve/cve-2011-3872/ ------------------------------------------------------------------------------- - ChangeLog:
* Sun Oct 23 2011 Todd Zullinger <tmz@pobox.com> - 2.6.12-1 - Update to 2.6.12, fixes CVE-2011-3872 - Add upstream patch to restore Mongrel XMLRPC functionality (upstream #10244) - Apply partial fix for upstream #9167 (tagmail report sends email when nothing happens) ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update puppet' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|