Advisories ยป MGASA-2014-0084

Updated puppet & puppet3 packages fix CVE-2013-4969 and a regression

Publication date: 19 Feb 2014
Modification date: 19 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4969


Updated puppet and puppet3 packages fix security vulnerability:

An unsafe use of temporary files was discovered in Puppet, a tool for
centralized configuration management. An attacker can exploit this 
vulnerability and overwrite an arbitrary file in the system (CVE-2013-4969).

This update also corrects an upstream regression, see references for details.