10 matches found
openSUSE Security Update : puppet (openSUSE-SU-2013:1370-1)
A potential remote code execution via YAML was fixed in puppet. CVE-2013-3567 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-661. The text description of this plugin is C SUSE...
openSUSE: Security Advisory for puppet (openSUSE-SU-2013:1370-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Critical: Red Hat Security Advisory: ruby193-puppet security update
Updated ruby193-puppet packages that fix three security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
puppet: security fix for YAML support (critical)
A potential remote code execution via YAML was fixed in puppet. CVE-2013-3567...
CVE-2013-3567
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...
DEBIAN-CVE-2013-3567
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...
CVE-2013-3567
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...
CVE-2013-3567
Summary: CVE-2013-3567 affects Puppet 2.7.x < 2.7.22, 3.2.x < 3.2.2, and Puppet Enterprise = 2.7.22 for 2.7.x, >= 3.2.2 for 3.2.x, or >= 2.8.2 for Puppet Enterprise.
Critical: puppet
Issue Overview: Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. Affected Packages: puppet Issue Correctio...
[SECURITY] [DSA 2715-1] puppet security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2715-1 [email protected] http://www.debian.org/security/ Raphael Geissert June 26, 2013 http://www.debian.org/security/faq -...