logo
DATABASE RESOURCES PRICING ABOUT US

[BSA-055] Security update for puppet

Description

Micah Anderson uploaded new packages for puppet which fixed the following security problems: CVE-2011-3872 Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability." For the squeeze-backports distribution the problems have been fixed in version 2.7.6-1~bpo60+1. -- Attachment: pgp546M1CdwI9.pgp Description: PGP signature


Affected Package


OS OS Version Package Name Package Version
Debian 6 puppet-testsuite 2.6.2-5+squeeze3
Debian 5 puppet 0.24.5-3+lenny2
Debian 6 puppetmaster 2.6.2-5+squeeze3
Debian 6 puppet-common 2.6.2-5+squeeze3
Debian 6 puppet 2.6.2-5+squeeze3
Debian 5 puppetmaster 0.24.5-3+lenny2
Debian 6 puppet-el 2.6.2-5+squeeze3
Debian 6 vim-puppet 2.6.2-5+squeeze3

Related