A bug in puppet's SSL certificate handling could allow nodes with a valid certificate to impersonate the puppet master. To be vulnerable, a user would have had to set the certdnsnames variable and generated certificates. This setting is not set by default in the Fedora/EPEL packages.
This update closes the vulnerability in newly generated certificates, but cannot prevent existing certificates from being used to exploit the vulnerability. Please refer to the upstream documentation for more details on mitigation and remediation of this issue, if you have generate certificates that are vulnerable to this issue:
Please login to add feedback.
This update has been submitted for testing by tmz.
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
This update has been pushed to testing
No problems found.
No problems in basic testing
This update has reached the stable karma threshold and will be pushed to the stable updates repository
This update is currently being pushed to the Fedora EPEL 6 stable updates repository.
This update has been pushed to stable