Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

SUSE 11 SP1: 2012:0325-1 Important: Puppet Local Escalation Threat

suse
Calendar Grey March 6, 2012
Dist Suse Esm H88
Urgent SUSE security announcement tackling two vulnerabilities that allow privilege elevation in Puppet. It is essential to apply patches without delay.
An update that fixes two vulnerabilities is now available

Summary

This update of puppet fixes two vulnerabilities that could potentially be exploited by local attackers to escalate privileges due to improper privilege dropping and file handling issues (symlink flaws) in puppet (CVE-2012-1053, CVE-2012-1054). Security Issue references: * CVE-2012-1053 * CVE-2012-1054 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-puppet-5876 - SUSE Linux Enterprise Server 11 SP1 FOR SP2: zypper in -t patch slessp1fsp2-puppet-5876 - SUSE Linux Enterprise Server 11 SP1:

Topics%20covered

Topics Covered

security advisory local privilege escalation software update patch important SUSE puppet

References

#747657

Cross- CVE-2012-1053 CVE-2012-1054

Affected Products:

SUSE Linux Enterprise Server 11 SP1 for VMware

SUSE Linux Enterprise Server 11 SP1 FOR SP2

SUSE Linux Enterprise Server 11 SP1

SUSE Linux Enterprise Desktop 11 SP1 FOR SP2

SUSE Linux Enterprise Desktop 11 SP1

https://www.suse.com/security/cve/CVE-2012-1053.html

https://www.suse.com/security/cve/CVE-2012-1054.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2012:0325-1
Rating: important

Topics%20covered

Topics Covered

security advisory local privilege escalation software update patch important SUSE puppet

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here