Overview

File _patchinfo of Package patchinfo.618

<patchinfo incident="618">
  <packager>vdziewiecki</packager>
  <issue tracker="bnc" id="770828">CVE-2012-3864: puppet: authenticated clients can read arbitrary files via a flaw in puppet master</issue>
  <issue tracker="bnc" id="770829">CVE-2012-3865: puppet: arbitrary file delete / Denial of Service on Puppet Master by authenticated clients</issue>
  <issue tracker="bnc" id="770833">CVE-2012-3867: puppet: insufficient input validation for agent certificate names</issue>
  <issue tracker="bnc" id="770827">CVE-2012-3866: puppet: last_run_report.yaml left world-readable</issue>
  <issue tracker="cve" id="CVE-2012-3865"></issue>
  <issue tracker="cve" id="CVE-2012-3864"></issue>
  <issue tracker="cve" id="CVE-2012-3867"></issue>
  <issue tracker="cve" id="CVE-2012-3866"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>puppet: security update for multiple issues</summary>
  <description>puppet was updated to fix various security issues:
CVEs fixed:
- bnc#770828 - CVE-2012-3864: puppet: authenticated clients can read arbitrary files via a flaw in puppet master
- bnc#770829 - CVE-2012-3865: puppet: arbitrary file delete / Denial of Service on Puppet Master by authenticated clients
- bnc#770827 - CVE-2012-3866: puppet: last_run_report.yaml left world-readable
- bnc#770833 - CVE-2012-3867: puppet: insufficient input validation for agent certificate names

- using the new stable version, 2.6.17, which only receives security fixes.
- Removed runlevel 4.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places