17 matches found
EUVD-2017-0193
Malware in sbrugna...
EUVD-2021-0827
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-7942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate...
Updated puppet packages fix security vulnerabilities
The updated packages fix missing requires for puppet and fix commands in systemd units...
SUSE-SU-2018:0600-1 Security update for puppet
This update for puppet fixes the following issues: - CVE-2017-2295: Fixed a security vulnerability where an attacker could force YAML deserialization in an unsafe manner, which would lead to remote code execution. By default, this update would break backwards compatibility with Puppet agents...
SUSE-SU-2018:0571-1 Security update for puppet
This update for puppet fixes the following issues: - CVE-2017-10689: Reset permissions when unpacking tar in PMT. When using minitar, files were unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions (bsc#1080288)...
SUSE-SU-2017:2113-1 Security update for puppet
This update for puppet fixes the following issues: Security issue fixed: - CVE-2017-2295: Possible code execution vulnerability where an attacker could force YAML deserialization in an unsafe manner. By default, this update breaks backwards compatibility with Puppet agents older than 3.2.2 as t...
[SECURITY] [DLA 1012-1] puppet security update
Package: puppet; Version: 2.7.23-1deb7u4; CVE ID: CVE-2017-2295; Debian Bug: 863212. Versions of Puppet prior to 4.10.1 will deserialize data off the wire from the agent to the server, in this case with an attacker-specified format. This could be used to force YAML deserialization in an unsafe...
MGASA-2017-0156 Updated puppet packages fix security vulnerability
It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code (CVE-2017-2295)...
openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)
Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue puppet agents could therefore use their certificates for MITM attacks (CVE-2011-3872). Note: If you've set the 'certdnsnames' option in your master's puppet.conf file...
Updated puppet & puppet3 packages fix CVE-2013-4969 and a regression
Updated puppet and puppet3 packages fix security vulnerability: An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system (CVE-2013-4969). This update also...
CVE-2012-3864
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request...
[BSA-065] Security Update for puppet
Micah Anderson uploaded new packages for puppet which fixed the following security problems: CVE-2012-1053 and CVE-2012-1054. CVE-2012-1053: Puppet runs execs with unintended group privileges, potentially leading to privilege escalation. CVE-2012-1054: The k5login type writes to untrusted...
CVE-2011-3871
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...
CVE-2011-3870
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file...
[BSA-050] Security Update for puppet
I've uploaded new packages for puppet which fixed the following security problems: CVE-2011-3848: Resist directory traversal attacks through indirections. In various versions of Puppet it was possible to cause a directory traversal attack through the SSLFile indirection base class. This was various...
CVE-2010-0156
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file...