Hiera 1.3.4 is a security fix release in the Hiera 1.3 series. This release addresses CVE-2014-3248. It has no other bug fixes or new features. All users of Hiera 1.3.3 and earlier are encouraged to update to 1.3.4.
** CVE-2014-3248 ** Arbitrary Code Execution with Required Social Engineering An attacker could convince an administrator to unknowingly create and execute malicious code on platforms with Ruby 1.9.1 and earlier. CVSSv2 Score: 5.9 Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:U/RC:C Affected Hiera versions (ruby 1.9.1 and earlier platforms only): All Fixed Hiera versions: 1.3.4 See the Release Notes here: http://docs.puppetlabs.com/hiera/1/release_notes.html#hiera-134 To install Hiera, follow the installation guide: http://docs.puppetlabs.com/hiera/1/installing.html For more information on this vulnerability, please visit https://puppetlabs.com/security/cve/cve-2014-3248 To report issues with the release, file a ticket in the "HI" project on http://tickets.puppetlabs.com/ and set the "Affects version/s" field to "1.3.4" -- Moses Mendoza Puppet Labs Join us at PuppetConf 2014, September 20-24 in San Francisco Register by July 31st to take advantage of the Early Bird discount —save $249! -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/CA%2B421WZjNJScw-gMUMH-R4h2wRBJ6r%3DySpLMCHmrBi6RhJFGnA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
