logo
DATABASE RESOURCES PRICING ABOUT US

openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)

Description

Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue puppet agents could therefore use their certificates for MITM attacks (CVE-2011-3872). Note: If you've set the 'certdnsnames' option in your master's puppet.conf file merely installing the updated packages is not sufficient to fix this problem. You need to either pick a new DNS name for the master and reconfigure all agents to use it or re-new certificates on all agents. Please refer to the documentation in /usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5 for detailed instructions and scripts. Puppetlabs' site also provides more information: http://puppetlabs.com/security/cve/cve-2011-3872/faq/ http://puppetlabs.com/blog/important-security-announcement-altnames-vu lnerability/ -- Directory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations (CVE-2011-3848) Puppet was prone to several symlink attacks (CVE-2011-3870, CVE-2011-3869, CVE-2011-3871)


Related