[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3862-1 puppet -- puppet

ID: oval:org.secpod.oval:def:602901Date: (C)2017-05-26   (M)2023-04-17
Class: PATCHFamily: unix




It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code. Note that this fix breaks backward compability with Puppet agents older than 3.2.2 and there is no safe way to restore it. This affects puppet agents running on Debian wheezy; we recommend to update the the puppet version shipped in wheezy-backports.

Platform:
Debian 8.x
Product:
puppet
puppet-el
vim-puppet
Reference:
DSA-3862-1
CVE-2017-2295
CVE    1
CVE-2017-2295
CPE    4
cpe:/a:puppetlabs:vim-puppet
cpe:/o:debian:debian_linux:8.x
cpe:/a:puppetlabs:puppet-el
cpe:/a:puppetlabs:puppet
...

© SecPod Technologies