This bug was fixed in the package puppet - 0.25.4-2ubuntu6.2
--------------- puppet (0.25.4-2ubuntu6.2) lucid-security; urgency=low
* SECURITY UPDATE: unauthenticated directory traversal allows writing of arbitrary files as puppet master (LP: #861182) - update lib/puppet/indirector.rb, lib/puppet/indirector/ssl_file.rb, lib/puppet/indirector/yaml.rb, spec/unit/indirector/ssl_file.rb and spec/unit/indirector/yaml.rb to perform proper input validation. Patch from upstream (Daniel Pittman <email address hidden>) 6e5a821cbf94b220dfc021ff7ebad0831c60e207 - CVE-2011-3848 - LP: #861182 -- Jamie Strandboge <email address hidden> Wed, 28 Sep 2011 08:30:14 -0500
This bug was fixed in the package puppet - 0.25.4-2ubuntu6.2
---------------
puppet (0.25.4-2ubuntu6.2) lucid-security; urgency=low
* SECURITY UPDATE: unauthenticated directory traversal allows writing of indirector. rb, lib/puppet/ indirector/ ssl_file. rb, puppet/ indirector/ yaml.rb, spec/unit/ indirector/ ssl_file. rb and unit/indirector /yaml.rb to perform proper input validation. f94b220dfc021ff 7ebad0831c60e20 7
arbitrary files as puppet master (LP: #861182)
- update lib/puppet/
lib/
spec/
Patch from upstream (Daniel Pittman <email address hidden>)
6e5a821cb
- CVE-2011-3848
- LP: #861182
-- Jamie Strandboge <email address hidden> Wed, 28 Sep 2011 08:30:14 -0500