Overview

File _patchinfo of Package patchinfo.6705

<patchinfo incident="6705">
  <issue id="1080288" tracker="bnc">VUL-1: CVE-2017-10689: puppet: Unpacking tarballs in tar/mini.rb can create files with insecure permissions</issue>
  <issue id="2017-10689" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>kstreitova</packager>
  <description>This update for puppet fixes the following issues:

- CVE-2017-10689: Reset permissions when unpacking tar in PMT.
  When using minitar, files were unpacked with whatever permissions are in the tarball.
  This is potentially unsafe, as tarballs can be easily created with weird permissions
  (bsc#1080288)
</description>
  <summary>Security update for puppet</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places