Sicherheit: Ausführen beliebiger Kommandos in Puppet
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Puppet
ID: FEDORA-2017-b9b66117bb
Distribution: Fedora
Plattformen: Fedora 26
Datum: Sa, 10. Juni 2017, 11:47
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295
Applikationen: Puppet


Fedora Update Notification
2017-06-09 18:48:36.540434

Name : puppet
Product : Fedora 26
Version : 4.6.2
Release : 4.fc26
URL : http://puppetlabs.com
Summary : A network tool for managing many disparate systems
Description :
Puppet lets you centrally manage every important aspect of your system using a
cross-platform specification language that manages all the separate elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.

Update Information:

Contains fixes to ensure Puppet can start correctly and a security fix for
remote code execution tracked as
[CVE-2017-2295](https://bugzilla.redhat.com/show_bug.cgi?id=1452654). * Fix
remote code execution in Puppet master during fact uploads - Fedora#1452654 *
Fix SSL monkey patches error on startup - Fedora#1440710 , Fedora#1443673 * Fix
xmlrpc/client require error on startup - Fedora#1443673

[ 1 ] Bug #1452651 - CVE-2017-2295 puppet: Unsafe YAML deserialization

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade puppet' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Traut euch!
Neue Nachrichten