Lucene search

K
debianDebianDEBIAN:BSA-050:58D2F
HistorySep 30, 2011 - 3:12 p.m.

[BSA-050] Security Update for puppet

2011-09-3015:12:16
lists.debian.org
10

I've uploaded new packages for puppet which fixed the following security
problems:

CVE-2011-3848
Resist directory traversal attacks through indirections.

In various versions of Puppet it was possible to cause a directory
traversal attack through the SSLFile indirection base class. This was
variously triggered through the user-supplied key, or the Subject of
the certificate, in the code.

For the squeeze-backports distribution the problems have been fixed in
version 2.7.1-1~bpo60+2.

micah

Attachment:
pgpEZJw86rwIp.pgp
Description: PGP signature

Related for DEBIAN:BSA-050:58D2F