please unsuscribe be. regards
2013/9/19 Raphael Geissert <geiss...@debian.org> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2761-1 secur...@debian.org > http://www.debian.org/security/ Raphael Geissert > September 19, 2013 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : puppet > Vulnerability : several > Problem type : local > Debian-specific: no > CVE ID : CVE-2013-4761 CVE-2013-4956 > > Several vulnerabilities were discovered in puppet, a centralized > configuration management system. The Common Vulnerabilities and > Exposures project identifies the following problems: > > CVE-2013-4761 > > The 'resource_type' service (disabled by default) could be used to > make puppet load arbitrary Ruby code from puppet master's file > system. > > CVE-2013-4956 > > Modules installed with the Puppet Module Tool might be installed > with weak permissions, possibly allowing local users to read or > modify them. > > The stable distribution (wheezy) has been updated to version 2.7.33 of > puppet. This version includes the patches for all the previous DSAs > related to puppet in wheezy. In this version, the puppet report format > is now correctly reported as version 3. > > It is to be expected that future DSAs for puppet update to a newer, > bug fix-only, release of the 2.7 branch. > > The oldstable distribution (squeeze) has not been updated for this > advisory: as of this time there is no fix for CVE-2013-4761 and the > package is not affected by CVE-2013-4956. > > For the stable distribution (wheezy), these problems have been fixed in > version 2.7.23-1~deb7u1. > > For the testing distribution (jessie) and the unstable distribution (sid), > these problems have been fixed in version 3.2.4-1. > > We recommend that you upgrade your puppet packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iEYEARECAAYFAlI7cvQACgkQYy49rUbZzlq22wCcCQGR2FfvrHBuIaWlPiZya2v3 > XREAn3V+J1Fu+C2WSu6sZW1LPiitkUsT > =kr8l > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: http://lists.debian.org/201309192356.12093.geiss...@debian.org > >
