Sicherheit: Ausführen beliebiger Kommandos in Facter
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Facter
ID: FEDORA-2014-12699
Distribution: Fedora
Plattformen: Fedora 20
Datum: So, 23. November 2014, 10:33
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248
Applikationen: Facter


Name        : facter
Product : Fedora 20
Version : 1.7.6
Release : 1.fc20
URL : https://puppetlabs.com/facter
Summary : Command and ruby library for gathering system information
Description :
Facter is a lightweight program that gathers basic node information about the
hardware and operating system. Facter is especially useful for retrieving
things like operating system names, hardware characteristics, IP addresses, MAC
addresses, and SSH keys.

Facter is extensible and allows gathering of node information that may be
custom or site specific. It is easy to extend by including your own custom
facts. Facter can also be used to create conditional expressions in Puppet that
key off the values returned by facts.

Update Information:

Update to 1.7.6 for bz#1107891 and CVE-2014-3248

See http://puppetlabs.com/security/cve/cve-2014-3248 for more
information upstream.

* Fri Oct 10 2014 Michael Stahnke <stahnma@fedoraproject.org> - 1.7.6-1
- Update to 1.7.6 for bz#1107891 and CVE-2014-3248
- Remove dmidecode patch. It's upstream now.
* Tue Jan 28 2014 Todd Zullinger <tmz@pobox.com> - 1.7.4-1
- Update to 1.7.4
- Create /etc/facter/facts.d for external facts
- Send dmiddecode errors to /dev/null in the virtual fact (FACT-86)
* Tue Oct 8 2013 Sam Kottler <skottler@fedoraproject.org> - 1.7.3-1
- Update to 1.7.3 (BZ #1016817)

[ 1 ] Bug #1101346 - CVE-2014-3248 puppet: Ruby modules could be loaded from
the current working directory

This update can be installed with the "yum" update program. Use
su -c 'yum update facter' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten