[USN-1223-1] Puppet vulnerabilities


========================================================================== Ubuntu Security Notice USN-1223-1 September 30, 2011 puppet vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Puppet could be made to overwrite files and run programs with administrator privileges. Software Description: - puppet: Centralized configuration management Details: It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. (CVE-2011-3869) Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. (CVE-2011-3870) It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. (CVE-2011-3871) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: puppet-common 2.6.4-2ubuntu2.3 Ubuntu 10.10: puppet-common 2.6.1-0ubuntu2.2 Ubuntu 10.04 LTS: puppet-common 0.25.4-2ubuntu6.3 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1223-1 CVE-2011-3869, CVE-2011-3870, CVE-2011-3871 Package Information: https://launchpad.net/ubuntu/+source/puppet/2.6.4-2ubuntu2.3 https://launchpad.net/ubuntu/+source/puppet/2.6.1-0ubuntu2.2 https://launchpad.net/ubuntu/+source/puppet/0.25.4-2ubuntu6.3