Security: Two problems in Puppet
Name: Two problems in Puppet
ID: USN-1372-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10
Date: Thu, 23 February 2012, 16:52
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054
Applications: Puppet

Original message
==========================================================================
Ubuntu Security Notice USN-1372-1
February 23, 2012

puppet vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Puppet could be made to overwrite files and run programs with administrator privileges.
Software Description:
- puppet: Centralized configuration management
Details:
It was discovered that Puppet did not drop privileges when executing commands as different users. If an attacker had control of the execution manifests or the executed command, this could be used to execute code with elevated group permissions (typically root). (CVE-2012-1053)
It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files and escalate privileges. (CVE-2012-1054)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: puppet-common 2.7.1-1ubuntu3.5
Ubuntu 11.04: puppet-common 2.6.4-2ubuntu2.8
Ubuntu 10.10: puppet-common 2.6.1-0ubuntu2.6
Ubuntu 10.04 LTS: puppet-common 0.25.4-2ubuntu6.6
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1372-1
CVE-2012-1053, CVE-2012-1054
Package Information:
https://launchpad.net/ubuntu/+source/puppet/2.7.1-1ubuntu3.5
https://launchpad.net/ubuntu/+source/puppet/2.6.4-2ubuntu2.8
https://launchpad.net/ubuntu/+source/puppet/2.6.1-0ubuntu2.6
https://launchpad.net/ubuntu/+source/puppet/0.25.4-2ubuntu6.6