News

Loading...

Wednesday, February 15, 2012

ubuntu-security-announce Digest, Vol 89, Issue 9

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1365-1] Puppet vulnerability (Jamie Strandboge)


----------------------------------------------------------------------

Message: 1
Date: Tue, 14 Feb 2012 10:58:12 -0600
From: Jamie Strandboge <jamie@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1365-1] Puppet vulnerability
Message-ID: <1329238692.3155.0.camel@localhost>
Content-Type: text/plain; charset="utf-8"

==========================================================================
Ubuntu Security Notice USN-1365-1
February 14, 2012

Puppet vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10

Summary:

Puppet would allow unintended access to resources over the network.

Software Description:
- puppet: Centralized configuration management

Details:

It was discovered that Puppet would allow remote ralsh under certain
circumstances. An attacker on an authenticated puppet node could exploit
this to view or manipulate resources on other Puppet nodes.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
puppet-common 2.7.1-1ubuntu3.4

Ubuntu 11.04:
puppet-common 2.6.4-2ubuntu2.7

Ubuntu 10.10:
puppet-common 2.6.1-0ubuntu2.5

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1365-1
CVE-2011-0528

Package Information:
https://launchpad.net/ubuntu/+source/puppet/2.7.1-1ubuntu3.4
https://launchpad.net/ubuntu/+source/puppet/2.6.4-2ubuntu2.7
https://launchpad.net/ubuntu/+source/puppet/2.6.1-0ubuntu2.5


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120214/8bfacf7f/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 89, Issue 9
*******************************************************

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Blog Archive