Ubuntu
puppet package

  1. Lucid (10.04)
  2. Bug #861182
  3. Comment #22

Comment 22 for bug 861182

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package puppet - 2.6.1-0ubuntu2.1

---------------
puppet (2.6.1-0ubuntu2.1) maverick-security; urgency=low

  * SECURITY UPDATE: unauthenticated directory traversal allows writing of
    arbitrary files as puppet master
    - debian/patches/CVE-2011-3848.patch: update lib/puppet/indirector.rb,
      lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb,
      spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to
      perform proper input validation.
    - CVE-2011-3848
    - LP: #861182
 -- Jamie Strandboge <email address hidden> Wed, 28 Sep 2011 08:28:21 -0500