update for puppet
- Fixed bnc#747657: CVE-2012-1053, CVE-2012-1054:
improper privilege dropping and file handling flaws
This was done by updating to the new version in stable branch.
The stable branch receives only security fixes and this update
does not provide any new features.
- Fixed bnc#755869 CVE-2012-1988: Filebucket arbitrary code execution
- Fixed bnc#755872 CVE-2012-1986: Arbitrary File Read
- Fixed bnc#755870 CVE-2012-1987: Denial of Service
- Fixed bnc#755871 CVE-2012-1989: Arbitrary File Write
-
Submitted by
Wojtek Dziewięcki (vdziewiecki)
Fixed bugs
bnc#747657
CVE-2012-1053, CVE-2012-1054: puppet: improper privilege dropping, file handling flaws
bnc#755870
CVE-2012-1987: puppet: Filebucket denial of service
bnc#755872
CVE-2012-1986: puppet: Filebucket arbitrary file read
bnc#755869
CVE-2012-1988: puppet: Filebucket arbitrary code execution
bnc#755871
CVE-2012-1989: puppet: insecure handling of temporary files (2.7.x only)
CVE-CVE-2012-1054
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2012-1053
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2012-1988
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2012-1989
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2012-1986
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2012-1987
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
