Security update for puppet (important)

ID SUSE-SU-2012:0983-1
Type suse
Reporter Suse
Modified 2012-08-13T19:08:37


The following bugs have been fixed in puppet:

  • bnc#770828, CVE-2012-3864: puppet: authenticated clients can read arbitrary files via a flaw in puppet master
  • bnc#770829, CVE-2012-3865: puppet: arbitrary file delete / Denial of Service on Puppet Master by authenticated clients
  • bnc#770833, CVE-2012-3867: puppet: insufficient input validation for agent certificate names