Advisories » MGASA-2017-0156

Updated puppet packages fix security vulnerability

Publication date: 08 Jun 2017
Modification date: 08 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-2295

Description

It was discovered that unrestricted YAML deserialisation of data sent from
agents to the server in the Puppet configuration management system could
result in the execution of arbitrary code (CVE-2017-2295).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18640
• https://puppet.com/security/cve/cve-2017-2295
• https://www.debian.org/security/2017/dsa-3862
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295

SRPMS

5/core

• puppet-3.6.2-3.1.mga5