DSA-2831-2 puppet -- regressionID: oval:org.secpod.oval:def:601199 | Date: (C)2014-01-22 (M)2022-10-10 |
Class: PATCH | Family: unix |
The fix for CVE-2013-4969 contained a regression affecting the default file mode if none is specified on a file resource. The oldstable distribution is not affected by this regression. For the stable distribution , this problem has been fixed in version 2.7.23-1~deb7u3. For the testing distribution and the unstable distribution , this problem has been fixed in version 3.4.2-1. For reference, the original advisory text follows. An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system.
Platform: |
Debian 7.0 |
Debian 6.0 |