stable
FEDORA-EPEL-2011-4768 created by tmz 10 years ago for Fedora EPEL 6

A bug in puppet's SSL certificate handling could allow nodes with a valid certificate to impersonate the puppet master. To be vulnerable, a user would have had to set the certdnsnames variable and generated certificates. This setting is not set by default in the Fedora/EPEL packages.

This update closes the vulnerability in newly generated certificates, but cannot prevent existing certificates from being used to exploit the vulnerability. Please refer to the upstream documentation for more details on mitigation and remediation of this issue, if you have generate certificates that are vulnerable to this issue:

http://puppetlabs.com/security/cve/cve-2011-3872/

This update has been submitted for testing by tmz.

10 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago
User Icon orion commented & provided feedback 10 years ago
karma

No problems found.

User Icon pbrobinson commented & provided feedback 10 years ago
karma

No problems in basic testing

User Icon erinn provided feedback 10 years ago
karma

This update has reached the stable karma threshold and will be pushed to the stable updates repository

10 years ago

This update is currently being pushed to the Fedora EPEL 6 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago

Please login to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
10 years ago
in testing
10 years ago
in stable
10 years ago
modified
10 years ago

Automated Test Results