Puppet vulnerabilities

2013-08-15T00:00:00
ID USN-1928-1
Type ubuntu
Reporter Ubuntu
Modified 2013-08-15T00:00:00

Description

It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files. (CVE-2013-4761)

It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with the permissions that existed when they were built, possibly exposing them to a local attacker. (CVE-2013-4956)