Advisories » MGASA-2014-0084

Updated puppet & puppet3 packages fix CVE-2013-4969 and a regression

Publication date: 19 Feb 2014
Modification date: 19 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4969

Description

Updated puppet and puppet3 packages fix security vulnerability:

An unsafe use of temporary files was discovered in Puppet, a tool for
centralized configuration management. An attacker can exploit this 
vulnerability and overwrite an arbitrary file in the system (CVE-2013-4969).

This update also corrects an upstream regression, see references for details. 
                

References

• http://www.debian.org/security/2013/dsa-2831
• http://www.ubuntu.com/usn/usn-2077-2/
• https://bugs.mageia.org/show_bug.cgi?id=12184
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969

SRPMS

3/core

• puppet-2.7.23-1.2.mga3
• puppet3-3.2.4-1.2.mga3