Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

SUSE: 2013:1304-1 Critical: Puppet Remote Code Execution Issue

suse
Calendar Grey August 6, 2013
Dist Suse Esm H88
Important notice for SUSE Linux highlights a vulnerability leading to remote code execution in Puppet. Prompt intervention is highly advised.
An update that fixes one vulnerability is now available

Summary

This puppet update fixes a remote code execution issue: * Unauthenticated Remote Code Execution Vulnerability with YAML and REST API calls (bug#825878, CVE-2013-3567) Security Issue reference: * CVE-2013-3567 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-puppet-8132 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-puppet-8132 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-puppet-8131 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-puppet-8131 - SUSE Linux Enterprise Desktop 11 SP3:

Topics%20covered

Topics Covered

security advisory security issue critical software update remote execution SUSE puppet

References

#825878

Cross- CVE-2013-3567

Affected Products:

SUSE Linux Enterprise Server 11 SP3 for VMware

SUSE Linux Enterprise Server 11 SP3

SUSE Linux Enterprise Server 11 SP2 for VMware

SUSE Linux Enterprise Server 11 SP2

SUSE Linux Enterprise Desktop 11 SP3

SUSE Linux Enterprise Desktop 11 SP2

https://www.suse.com/security/cve/CVE-2013-3567.html

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2013:1304-1
Rating: critical

Topics%20covered

Topics Covered

security advisory security issue critical software update remote execution SUSE puppet

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here