Fedora 26 Puppet Update ID 2017-b9b66117bb Critical: Remote Code Execution

Puppet lets you centrally manage every important aspect of your system using a

cross-platform specification language that manages all the separate elements

normally aggregated in different files, like users, cron jobs, and hosts,

along with obviously discrete elements like packages, services, and files.

Contains fixes to ensure Puppet can start correctly and a security fix for

remote code execution tracked as

[CVE-2017-2295](https://bugzilla.redhat.com/show_bug.cgi?id=1452654). * Fix

remote code execution in Puppet master during fact uploads - Fedora#1452654 *

Fix SSL monkey patches error on startup - Fedora#1440710 , Fedora#1443673 * Fix

xmlrpc/client require error on startup - Fedora#1443673

[ 1 ] Bug #1452651 - CVE-2017-2295 puppet: Unsafe YAML deserialization

https://bugzilla.redhat.com/show_bug.cgi?id=1452651

su -c 'dnf upgrade puppet' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org