[USN-3308-1] Puppet vulnerabilities
marc.deslauriers at canonical.com
Mon Jun 5 17:13:13 UTC 2017
Ubuntu Security Notice USN-3308-1
June 05, 2017
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Several security issues were fixed in Puppet.
- puppet: Centralized configuration management
Dennis Rowe discovered that Puppet incorrectly handled the search path. A
local attacker could use this issue to possibly execute arbitrary code.
It was discovered that Puppet incorrectly handled YAML deserialization. A
remote attacker could possibly use this issue to execute arbitrary code on
the master. This update is incompatible with agents older than 3.2.2.
The problem can be corrected by updating your system to the following
Ubuntu 14.04 LTS:
In general, a standard system update will make all the necessary changes.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the ubuntu-security-announce