Puppet: Multiple vulnerabilities

Puppet: Multiple vulnerabilities Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges. puppet 2012-03-06 2012-03-06 303729 308031 384859 385149 388161 403963 local, remote 2.7.11 2.7.11

Puppet is a system configuration management tool written in Ruby.

Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details.

A local attacker could gain elevated privileges, or access and modify arbitrary files. Furthermore, a remote attacker may be able to spoof a Puppet Master or write X.509 Certificate Signing Requests to arbitrary locations.

There is no known workaround at this time.

All Puppet users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=app-admin/puppet-2.7.11"

CVE-2009-3564 CVE-2010-0156 CVE-2011-3848 CVE-2011-3869 CVE-2011-3870 CVE-2011-3871 CVE-2011-3872 CVE-2012-1053 CVE-2012-1054 craig ackle