Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code.
|Package||app-admin/puppet on all architectures|
|Affected versions||< 2.7.13|
|Unaffected versions||>= 2.7.13|
Puppet is a system configuration management tool written in Ruby.
Multiple vulnerabilities have been found in Puppet:
A local attacker with access to agent SSL keys could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or perform symlink attacks to overwrite or read arbitrary files on the Puppet master.
There is no known workaround at this time.
All Puppet users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/puppet-2.7.13"
August 14, 2012
August 14, 2012: 1