Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Puppet
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Puppet
ID: FEDORA-2013-3935
Distribution: Fedora
Plattformen: Fedora 18
Datum: Mo, 5. August 2013, 07:47
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2275
Applikationen: Puppet

Originalnachricht

Name        : puppet
Product : Fedora 18
Version : 3.1.1
Release : 1.fc18
URL : http://puppetlabs.com
Summary : A network tool for managing many disparate systems
Description :
Puppet lets you centrally manage every important aspect of your system using a
cross-platform specification language that manages all the separate elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.

-------------------------------------------------------------------------------
-
Update Information:

Security release from upstream.

https://groups.google.com/group/puppet-announce/browse_thread/thread/7ff8326dc79257a1


update to 3.1.0 with proper handling of Systemd.
Here is where you give an explanation of your update.
-------------------------------------------------------------------------------
-
ChangeLog:

* Wed Mar 13 2013 Michael Stahnke <stahnma@puppetlabs.com> - 3.1.1-1
- Fixes for CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654
- CVE-2013-1655 CVE-2013-2274 CVE-2013-2275
* Thu Mar 7 2013 Michael Stahnke <stahnma@puppetlabs.com> - 3.1.0-4
- Disable systemd in F18 as per bz#873853
- Update Patch0 to work with 3.1
* Thu Mar 7 2013 Daniel Drake <dsd@laptop.org> - 3.1.0-2
- Improve server compatibility with old puppet clients (#831303)
* Mon Feb 11 2013 Sam Kottler <shk@redhat.com> - 3.1.0-1
- Update to 3.1.0
* Tue Oct 30 2012 Moses Mendoza <moses@puppetlabs.com> - 3.0.2-1
- Update to 3.0.2
- Update new dependencies (ruby >= 1.8.7, facter >= 1.6.6, hiera >=
1.0.0)
- Update for manpage and file changes in upstream
- Add conditionals for systemd service management
- Remove 0001-Ruby-1.9.3-has-a-different-error-when-require-fails.patch
- Remove 0001-Preserve-timestamps-when-installing-files.patch
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #919770 - CVE-2013-1654 Puppet: SSL protocol downgrade
https://bugzilla.redhat.com/show_bug.cgi?id=919770
[ 2 ] Bug #919774 - CVE-2013-1653 Puppet: kick connection HTTP PUT request
arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=919774
[ 3 ] Bug #919775 - CVE-2013-1655 Puppet: Master code loading Ruby symbols
vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=919775
[ 4 ] Bug #919783 - CVE-2013-1640 Puppet: catalog request code execution
https://bugzilla.redhat.com/show_bug.cgi?id=919783
[ 5 ] Bug #919784 - CVE-2013-1652 Puppet: HTTP GET request catalog retrieval
https://bugzilla.redhat.com/show_bug.cgi?id=919784
[ 6 ] Bug #919785 - CVE-2013-2275 Puppet: default auth.conf allows
authenticated node to submit a report for any other node
https://bugzilla.redhat.com/show_bug.cgi?id=919785
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update puppet' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung