Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:11.4:Update
patchinfo.import5403
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.import5403
<patchinfo incident="puppet" version="5403"> <issue tracker="bnc" id="726372" /> <issue tracker="bnc" id="727024" /> <issue tracker="bnc" id="727025" /> <issue tracker="bnc" id="721139" /> <issue tracker="CVE" id="CVE-2011-3848" /> <issue tracker="CVE" id="CVE-2011-3869" /> <issue tracker="CVE" id="CVE-2011-3870" /> <issue tracker="CVE" id="CVE-2011-3871" /> <issue tracker="CVE" id="CVE-2011-3872" /> <category>security</category> <rating>low</rating> <summary>puppet security update</summary> <description>Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue puppet agents could therefore use their certificates for MITM attacks (CVE-2011-3872). Note: If you've set the 'certdnsnames' option in your master's puppet.conf file merely installing the updated packages is not sufficient to fix this problem. You need to either pick a new DNS name for the master and reconfigure all agents to use it or re-new certificates on all agents. Please refer to the documentation in /usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5 for detailed instructions and scripts. Puppetlabs' site also provides more information: http://puppetlabs.com/security/cve/cve-2011-3872/faq/ http://puppetlabs.com/blog/important-security-announcement-a ltnames-vulnerability/ -- Directory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations (CVE-2011-3848) Puppet was prone to several symlink attacks (CVE-2011-3870, CVE-2011-3869, CVE-2011-3871) </description> <packager>adrianSuSE</packager> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor