Fedora 25: Critical Security Fix for Unsafe YAML Deserialization
fedora
June 1, 2017
Security fix for CVE-2017-2295 and fix for using systemd service provider in a chroot.
Summary
Puppet lets you centrally manage every important aspect of your system using a
cross-platform specification language that manages all the separate elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.
Security fix for CVE-2017-2295 and fix for using systemd service provider in a
chroot.
[ 1 ] Bug #1452651 - CVE-2017-2295 puppet: Unsafe YAML deserialization
https://bugzilla.redhat.com/show_bug.cgi?id=1452651
su -c 'dnf upgrade puppet' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Topics Covered
Change Log
References
Update Instructions
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Product: Fedora 25
Version: 4.2.1
Release: 5.fc25
Summary: A network tool for managing many disparate systems
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!