Advisories » MGASA-2018-0199

Updated puppet packages fix security vulnerability

Publication date: 13 Apr 2018
Modification date: 13 Apr 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-10689

Description

It was discovered that Puppet incorrectly handled permissions when
unpacking certain tarballs. A local user could possibly use this issue
to execute arbitrary code (CVE-2017-10689).

References

SRPMS

6/core

puppet-4.2.1-4.4.mga6

5/core

puppet-3.6.2-3.3.mga5