Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in Puppet
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in Puppet
ID: USN-1365-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10
Datum: Di, 14. Februar 2012, 18:30
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528
Applikationen: Puppet

Originalnachricht


--===============1554852754015706239==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-5l89fdfAadJwnxu1bCk1"


--=-5l89fdfAadJwnxu1bCk1
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1365-1
February 14, 2012

Puppet vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10

Summary:

Puppet would allow unintended access to resources over the network.

Software Description:
- puppet: Centralized configuration management

Details:

It was discovered that Puppet would allow remote ralsh under certain
circumstances. An attacker on an authenticated puppet node could exploit
this to view or manipulate resources on other Puppet nodes.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
puppet-common 2.7.1-1ubuntu3.4

Ubuntu 11.04:
puppet-common 2.6.4-2ubuntu2.7

Ubuntu 10.10:
puppet-common 2.6.1-0ubuntu2.5

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1365-1
CVE-2011-0528

Package Information:
https://launchpad.net/ubuntu/+source/puppet/2.7.1-1ubuntu3.4
https://launchpad.net/ubuntu/+source/puppet/2.6.4-2ubuntu2.7
https://launchpad.net/ubuntu/+source/puppet/2.6.1-0ubuntu2.5



--Õl89fdfAadJwnxu1bCk1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJPOpKkAAoJEFHb3FjMVZVz20cQAKmTn4onEhfxKUGVfjnVu2Tr
NOIM3cGShdQ06/dVuHJdXP4SNaBv8ba6tMt1wyoPjIycGwXatfkq2orTJQ9ewTS8
oSh6ixDUHfsIBzOL8AiVPz0JM6zoPVwPY/osbmq6NUar9elrRhMP3YKI+BaBJx3y
pnqc7Fondtv4iIJ8PnIazFIKE9VjrZqBGsg9vPwq/Iq22z/K0oVcEHjwHfXPgDwt
olnkY2hvUuYpJXF1n6/oQXmEL1R1+j97ST2YprTUG0vED+mAiC8VgBQqj8FZjUxI
ugIWUxxZ2y9mVB/enIjwMsbCom3P3fwFKQ+vs/IbQQ3OkXgV40tLAQSocrubJYk5
7ngtzqoBLosuPG/TmJA3U0ItMR/nvD8FVao0SfSf+RCgZcuWKBYsgsGdPl6bSltI
7U+tae7P7wwfv8yOvlOTcDUECCOjiK/peZUZ1uVxxUWFtwcZt5Mml9+lI2hA5wNk
LcCvVyFDGERZM5/GKKnDh4sWTlPPUumN70++2WD7SgTTJsUS2t9rRiQCfFdOiM6K
EGPGgXLlfiL/6T6sUtL1Th0Dfr3VboPPnP069vd7/8XrOM9EkEANO+Bxaqx2Wmtg
OWa4yeHyU1Ui9T07x0oueUIjxQF2/t+VAIIrsV+gY+MXH4cNcYDCl/SUBgKHPbUk
7XZBd4hUnZdszBxhahTU
=2EPZ
-----END PGP SIGNATURE-----

--=-5l89fdfAadJwnxu1bCk1--



--===============1554852754015706239==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1554852754015706239==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung