puppet security update

Puppet's certificate authority issued Puppet agent
certificates capable of impersonating the Puppet master.
Compromised or rogue puppet agents could therefore use
their certificates for MITM attacks (CVE-2011-3872).

Note: If you've set the 'certdnsnames' option in your
master's puppet.conf file, merely installing the updated
packages is not sufficient to fix this problem. You need to
either pick a new DNS name for the master and reconfigure
all agents to use it, or renew the certificates on all agents.

Please refer to the documentation in
/usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5
for detailed instructions and scripts.

Puppetlabs' site also provides more information:
http://puppetlabs.com/security/cve/cve-2011-3872/faq/
http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/
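
To see which already-signed certificates are affected by CVE-2011-3872, you can list the DNS entries in each certificate's Subject Alternative Name field and compare them with the master's names. The script below is an added example, not part of this advisory or of the Puppet Labs remediation scripts; its function names are hypothetical, and the directory of signed PEM certificates and the master names are assumptions you pass in as arguments.

```shell
#!/bin/sh
# Added example: flag signed certificates whose subjectAltName carries one of
# the Puppet master's DNS names (the condition behind CVE-2011-3872).

# san_dns_names: read `openssl x509 -noout -text` output on stdin and print
# each subjectAltName DNS entry, lowercased, one per line.
san_dns_names() {
    awk '
        grab {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] ~ /^DNS:/) print tolower(substr(parts[i], 5))
            }
            grab = 0
        }
        /X509v3 Subject Alternative Name/ { grab = 1 }'
}

# text_has_master_name NAME...: succeed if the certificate text on stdin lists
# any NAME as an exact (case-insensitive) SAN DNS entry.
text_has_master_name() {
    names=$(san_dns_names)
    for m in "$@"; do
        printf '%s\n' "$names" | grep -qixF -- "$m" && return 0
    done
    return 1
}

# audit_signed_dir DIR NAME...: print every *.pem under DIR that matches.
# The master's own certificate legitimately carries these names and will be
# listed too; every other hit is an agent certificate that needs replacing.
audit_signed_dir() {
    dir=$1; shift
    for pem in "$dir"/*.pem; do
        [ -f "$pem" ] || continue
        if openssl x509 -in "$pem" -noout -text 2>/dev/null |
            text_has_master_name "$@"; then
            printf 'AFFECTED %s\n' "$pem"
        fi
    done
}

# Usage: sh audit.sh <signed-cert-dir> <master-name> [<master-name>...]
if [ "$#" -ge 2 ]; then audit_signed_dir "$@"; fi
```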

--

A directory traversal vulnerability in Puppet allowed
unauthenticated remote attackers to upload X.509
certificate signing requests to arbitrary locations
(CVE-2011-3848).

Puppet was prone to several symlink attacks (CVE-2011-3870,
CVE-2011-3869, CVE-2011-3871)

Fixed bugs
bnc#726372: VUL-0: puppet AltNames Vulnerability
bnc#727024: VUL-0: puppet file overwrite via .k5login file
bnc#727025: VUL-0: puppet predictable tmp file use
bnc#721139: VUL-0: puppet directory traversal
CVE#CVE-2011-3848
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN i
CVE#CVE-2011-3869
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
CVE#CVE-2011-3870
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.
CVE#CVE-2011-3871
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
CVE#CVE-2011-3872
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certific