Lucene search

K
debianDebianDEBIAN:BSA-050:58D2F
HistorySep 30, 2011 - 3:12 p.m.

[BSA-050] Security Update for puppet

2011-09-3015:12:16
lists.debian.org
15

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.006

Percentile

78.1%

I've uploaded new packages for puppet which fixed the following security
problems:

CVE-2011-3848
Resist directory traversal attacks through indirections.

In various versions of Puppet it was possible to cause a directory
traversal attack through the SSLFile indirection base class. This was
variously triggered through the user-supplied key, or the Subject of
the certificate, in the code.

For the squeeze-backports distribution the problems have been fixed in
version 2.7.1-1~bpo60+2.

micah

Attachment:
pgpEZJw86rwIp.pgp
Description: PGP signature

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.006

Percentile

78.1%