SUSE CVE-2012-1986

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...

Puppet Denial of Service and Arbitrary File Write

A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to 1 cause a denial of service memory consumption via a REST request to a stream that triggers...

Puppet Denial of Service and Arbitrary File Write

A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to 1 cause a denial of service memory consumption via a REST request to a stream that triggers...

openSUSE Security Update : puppet (openSUSE-SU-2012:0608-1)

puppet was prone to several security issues %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-269. The text description of this plugin is C SUSE LLC...

puppet: Filebucket denial of service

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to 1 cause a denial of service memory consumption via a REST request to a stream tha...

Gentoo Security Advisory GLSA 201208-02 (Puppet)

The remote host is missing updates announced in advisory GLSA 201208-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Fedora Update for puppet FEDORA-2012-10897

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2012-1986

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...

CVE-2012-1986

Puppet CVE-2012-1986 affects Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, plus Puppet Enterprise (PE) 1.0–2.5.x before 2.5.1. Remote authenticated users with an authorized SSL key and certain puppet-master permissions can read arbitrary files via a symlink attack when making a crafted REST...

Fedora 16 : puppet-2.6.16-1.fc16 (2012-5999)

This update fixes several security issues recently found in puppet related to filebucket functionality. For full details, refer to the upstream release notes : http://projects.puppetlabs.com/projects/1/wiki/ReleaseNotes2.6.15 Note that Tenable Network Security has extracted the preceding...

Fedora 15 : puppet-2.6.16-1.fc15 (2012-6055)

This update fixes several security issues recently found in puppet related to filebucket functionality. For full details, refer to the upstream release notes : http://projects.puppetlabs.com/projects/1/wiki/ReleaseNotes2.6.15 Note that Tenable Network Security has extracted the preceding...

Fedora Update for puppet FEDORA-2012-6055

Check for the Version of puppet OpenVAS Vulnerability Test Fedora Update for puppet FEDORA-2012-6055 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

FreeBSD Ports: puppet

The remote host is missing an update to the system as announced in the referenced advisory. VID 607d2108-a0e4-423a-bf78-846f2a8f01b0 OpenVAS Vulnerability Test $ Description: Auto generated from VID 607d2108-a0e4-423a-bf78-846f2a8f01b0 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Debian: Security Advisory (DSA-2451-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for puppet FEDORA-2012-5999

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

[SECURITY] [DSA 2451-1] puppet security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2451-1 [email protected] http://www.debian.org/security/ Nico Golde April 13, 2012 http://www.debian.org/security/faq -...

USN-1419-1: Puppet vulnerabilities

It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. CVE-2012-1906 It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this t...

CVE-2012-1986

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...