22 matches found
RHEL 6 : puppet (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - puppet: incorrect URL decoding CVE-2016-2785 - Versions of Puppet prior to 4.10.1 will deserialize data o...
Ubuntu: Security Advisory (USN-4804-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Mageia: Security Advisory (MGASA-2017-0156)
The remote host is missing an update for the ...
SUSE: Security Advisory (SUSE-SU-2018:0600-1)
The remote host is missing an update for the ...
Puppet Enterprise < 2016.4.5 / 2016.5.x / 2017.1.x Multiple Vulnerabilities
According to its self-reported version number, the Puppet install on the remote host is affected by multiple vulnerabilities : - A remote command execution vulnerability exists in the MCollective plugin due to unsafe YAML deserialization. An unauthenticated, remote attacker can exploit this to...
SUSE SLES11 Security Update : puppet (SUSE-SU-2018:0600-1)
This update for puppet fixes the following issues: - CVE-2017-2295: Fixed a security vulnerability where an attacker could force YAML deserialization in an unsafe manner, which would lead to remote code execution. By default, this update would break backwards compatibility with Puppet agents...
SUSE-SU-2018:0600-1 Security update for puppet
This update for puppet fixes the following issues: - CVE-2017-2295: Fixed a security vulnerability where an attacker could force YAML deserialization in an unsafe manner, which would lead to remote code execution. By default, this update would break backwards compatibility with Puppet agents...
SUSE-SU-2017:2113-1 Security update for puppet
This update for puppet fixes the following issues: Security issue fixed: - CVE-2017-2295: Possible code execution vulnerability where an attacker could force YAML deserialization in an unsafe manner. By default, this update breaks backwards compatibility with Puppet agents older than 3.2.2 as t...
openSUSE Security Update : rubygem-puppet (openSUSE-2017-835)
This update for rubygem-puppet fixes the following issues: - CVE-2017-2295: A remote attacker could have forced unsafe YAML deserialization which could have led to code execution (bsc#1040151) ...
openSUSE: Security Advisory for rubygem-puppet (openSUSE-SU-2017:1948-1)
The remote host is missing an update for the ...
Fedora 26 : puppet (2017-b9b66117bb)
Contains fixes to ensure Puppet can start correctly and a security fix for remote code execution tracked as CVE-2017-2295. - Fix remote code execution in Puppet master during fact uploads - Fedora1452654 - Fix SSL monkey patches error on startup - Fedora1440710 , Fedora1443673 - Fix xmlrpc/client...
Puppet Enterprise < 2016.4.5, 2016.5.x < 2017.2.1 Multiple Vulnerabilities
Puppet Enterprise is prone to multiple vulnerabilities.
CVE-2017-2295
CVE-2017-2295 affects Puppet prior to 4.10.1, where deserializing data off the wire could be forced into an attacker-controlled format, enabling remote code execution. The underlying issue is unsafe YAML deserialization; the fix constrains on-wire data formats to PSON or safely decoded YAML (and ...
CVE-2017-2295
Versions of Puppet prior to 4.10.1 will deserialize data off the wire from the agent to the server, in this case with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of...
Amazon Linux AMI : puppet3 (ALAS-2017-849)
Unsafe YAML deserialization: Versions of Puppet prior to 4.10.1 will deserialize data off the wire from the agent to the server, in this case with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This...
Important: puppet3
Issue Overview: Unsafe YAML deserialization: Versions of Puppet prior to 4.10.1 will deserialize data off the wire from the agent to the server, in this case with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code...
Ubuntu: Security Advisory (USN-3308-1)
The remote host is missing an update for the ...
Ubuntu 14.04 LTS : Puppet vulnerabilities (USN-3308-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3308-1 advisory. Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code...
USN-3308-1: Puppet vulnerabilities
Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code. CVE-2014-3248 It was discovered that Puppet incorrectly handled YAML deserialization. A remote attacker could possibly use this issue to execute...
Fedora Update for puppet FEDORA-2017-8ad8d1bd86
The remote host is missing an update for the ...