The following vulnerabilities have been discovered and fixed:
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
Please login to add feedback.
This update has been submitted for testing by tmz.
This update has been pushed to testing
Working OK on our testbed (EPEL6 machines)
Works for me.
Working well for me.
karma: +1
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by tmz.
This update has been pushed to stable