Updated puppet packages fix security vulnerability
Publication date: 13 Apr 2018Modification date: 13 Apr 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-10689
Description
It was discovered that Puppet incorrectly handled permissions when unpacking certain tarballs. A local user could possibly use this issue to execute arbitrary code (CVE-2017-10689).
References
SRPMS
5/core
- puppet-3.6.2-3.3.mga5
6/core
- puppet-4.2.1-4.4.mga6