| Revision Date: | 2014-06-30 | Version: | 20 |
| Title: | USN-917-1 -- puppet vulnerabilities |
| Description: | It was discovered that Puppet did not drop supplementary groups when being run as a different user. A local user may be able to use this flaw to bypass security restrictions and gain access to restricted files. It was discovered that Puppet did not correctly handle temporary files. A local user can exploit this flaw to bypass security restrictions and overwrite arbitrary files |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2009-3564
CVE-2010-0156
USN-917-1
USN-917-1
|
| Platform(s): | Ubuntu 9.10
| Product(s): | puppet
|
| Definition Synopsis |
| Ubuntu 9.10 is installed AND Installed architecture is all
AND Packages section
puppetmaster DPKG is earlier than 0.24.8-2ubuntu4.1
OR puppet-testsuite DPKG is earlier than 0.24.8-2ubuntu4.1
OR puppet DPKG is earlier than 0.24.8-2ubuntu4.1
|