Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Ubuntu 14.04 LTS USN-3308-1 Moderate: Puppet Remote Code Execution

ubuntu
Calendar Grey June 5, 2017
Dist Ubuntu Esm H88
Ubuntu Security Alert USN-3309-1 tackles issues related to OpenSSL with patches for 16.04 LTS.
Several security issues were fixed in Puppet.

Summary

Several security issues were fixed in Puppet.

Software Description:

- puppet: Centralized configuration management

Details:

Dennis Rowe discovered that Puppet incorrectly handled the search path. A

local attacker could use this issue to possibly execute arbitrary code.

(CVE-2014-3248)

It was discovered that Puppet incorrectly handled YAML deserialization. A

remote attacker could possibly use this issue to execute arbitrary code on

the master. This update is incompatible with agents older than 3.2.2.

(CVE-2017-2295)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  puppet-common                   3.4.3-1ubuntu1.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3308-1

CVE-2014-3248, CVE-2017-2295

June 05, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.