RHEL 6 : CloudForms Commons 1.1 (RHSA-2012:1542)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1542 advisory. Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service IaaS product that lets you create and manage private and public...

SUSE CVE-2012-1988

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full...

SUSE CVE-2012-1986

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...

Puppet Denial of Service and Arbitrary File Write

A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to 1 cause a denial of service memory consumption via a REST request to a stream that triggers...

Puppet Arbitrary Command Execution

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full...

Amazon Linux: Security Advisory (ALAS-2012-75)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SuSE 11.1 Security Update : puppet (SAT Patch Number 6115)

This update fixes the following issues : - Filebucket arbitrary file read. CVE-2011-1986 - Filebucket DoS. CVE-2012-1987 - Filebucket arbitrary code execution. CVE-2012-1988 - insecure handling of temporary files. CVE-2012-1989 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

puppet: Filebucket arbitrary file read

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...

puppet: Filebucket arbitrary code execution

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full...

puppet: Filebucket denial of service

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to 1 cause a denial of service memory consumption via a REST request to a stream tha...

Puppet: Multiple vulnerabilities

Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been found in Puppet: Puppet uses predictable file names for temporary files CVE-2012-1906. REST requests for a file in a remote filebucket are not handled properly by overriding...

DEBIAN-CVE-2012-1988

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full...

DEBIAN-CVE-2012-1986

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...

CVE-2012-1987

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to 1 cause a denial of service memory consumption via a REST request to a stream tha...

CVE-2012-1986

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...

PT-2012-1143 · Puppet +1 · Puppet Enterprise (Pe) Users +2

Name of the Vulnerable Software and Affected Versions: Puppet versions 2.6.x through 2.6.14 Puppet versions 2.7.x through 2.7.12 Puppet Enterprise PE Users versions 1.0 through 1.2.x Puppet Enterprise PE Users versions 2.0.x through 2.5.0 Description: The issue allows remote authenticated users...

Fedora 17 : puppet-2.7.13-1.fc17 (2012-6674)

With Fedora 17 using ruby-1.9.3, an update to puppet-2.7, which has improved support for ruby-1.9, is required. Note that ruby-1.9 is not fully supported in the puppet-2.7 series. Where possible, patches from the next upstream release branch will be backported to improve ruby-1.9 compatibility...

Fedora 15 : puppet-2.6.16-1.fc15 (2012-6055)

This update fixes several security issues recently found in puppet related to filebucket functionality. For full details, refer to the upstream release notes : http://projects.puppetlabs.com/projects/1/wiki/ReleaseNotes2.6.15 Note that Tenable Network Security has extracted the preceding...

Fedora 16 : puppet-2.6.16-1.fc16 (2012-5999)

This update fixes several security issues recently found in puppet related to filebucket functionality. For full details, refer to the upstream release notes : http://projects.puppetlabs.com/projects/1/wiki/ReleaseNotes2.6.15 Note that Tenable Network Security has extracted the preceding...

Ubuntu Update for puppet USN-1419-1

Ubuntu Update for Linux kernel vulnerabilities USN-1419-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14191.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for puppet USN-1419-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...