[Bug 978708] Re: [Precise] puppet is vulnerable to CVE-2012-1906 and CVE-2012-1986 through CVE-2012-1989

Launchpad Bug Tracker 978708 at bugs.launchpad.net
Wed Apr 11 13:19:05 UTC 2012


This bug was fixed in the package puppet - 2.7.11-1ubuntu2

---------------
puppet (2.7.11-1ubuntu2) precise; urgency=low

  * SECURITY UPDATE: Arbitrary file writes via predictable filename usage in
    appdmg and pkgdmg providers (LP: #978708)
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1906
  * SECURITY UPDATE: Arbitrary file reads via Filebucket REST requests
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1986
  * SECURITY UPDATE: Denial of service via Filebucket text/marshall support
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1987
  * SECURITY UPDATE: Arbitrary code execution via Filebucket requests
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1988
  * SECURITY UPDATE: Arbitrary file writes via predictable telnet output log
    filename
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1989
  * debian/patches/puppet-12844: Re-fetch the patch from upstream since some
    missing pieces cause 'rake spec' to abort immediately
 -- Tyler Hicks <tyhicks at canonical.com>   Wed, 11 Apr 2012 03:55:10 -0500

** Changed in: puppet (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to puppet in Ubuntu.
https://bugs.launchpad.net/bugs/978708

Title:
  [Precise] puppet is vulnerable to CVE-2012-1906 and CVE-2012-1986
  through CVE-2012-1989

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/978708/+subscriptions


