Updated puppet and puppet3 package fix security vulnerabilitiesPublication date: 26 Aug 2013
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4761 , CVE-2013-4956
It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files (CVE-2013-4761). It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with the permissions that existed when they were built, possibly exposing them to a local attacker (CVE-2013-4956).