Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 18 Update: puppet-3.1.1-1.fc18
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Friday 2nd August 2013 03:25:10 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-3935
2013-03-16 00:45:13
--------------------------------------------------------------------------------

Name        : puppet
Product     : Fedora 18
Version     : 3.1.1
Release     : 1.fc18
URL         : http://puppetlabs.com
Summary     : A network tool for managing many disparate systems
Description :
Puppet lets you centrally manage every important aspect of your system
using a
cross-platform specification language that manages all the separate
elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.

--------------------------------------------------------------------------------
Update Information:

Security release from upstream.

https://groups.google.com/group/puppet-announce/browse_thread/thread/7ff8326dc79257a1


update to 3.1.0 with proper handling of Systemd.
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 13 2013 Michael Stahnke  - 3.1.1-1
- Fixes for CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654
- CVE-2013-1655 CVE-2013-2274 CVE-2013-2275
* Thu Mar  7 2013 Michael Stahnke  - 3.1.0-4
- Disable systemd in F18 as per bz#873853
- Update Patch0 to work with 3.1
* Thu Mar  7 2013 Daniel Drake  - 3.1.0-2
- Improve server compatibility with old puppet clients (#831303)
* Mon Feb 11 2013 Sam Kottler  - 3.1.0-1
- Update to 3.1.0
* Tue Oct 30 2012 Moses Mendoza  - 3.0.2-1
- Update to 3.0.2
- Update new dependencies (ruby >= 1.8.7, facter >= 1.6.6, hiera >= 1.0.0)
- Update for manpage and file changes in upstream
- Add conditionals for systemd service management
- Remove 0001-Ruby-1.9.3-has-a-different-error-when-require-fails.patch
- Remove 0001-Preserve-timestamps-when-installing-files.patch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #919770 - CVE-2013-1654 Puppet: SSL protocol downgrade
        https://bugzilla.redhat.com/show_bug.cgi?id=919770
  [ 2 ] Bug #919774 - CVE-2013-1653 Puppet: kick connection HTTP PUT
request arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=919774
  [ 3 ] Bug #919775 - CVE-2013-1655 Puppet: Master code loading Ruby
symbols vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=919775
  [ 4 ] Bug #919783 - CVE-2013-1640 Puppet: catalog request code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=919783
  [ 5 ] Bug #919784 - CVE-2013-1652 Puppet: HTTP GET request catalog
retrieval
        https://bugzilla.redhat.com/show_bug.cgi?id=919784
  [ 6 ] Bug #919785 - CVE-2013-2275 Puppet: default auth.conf allows
authenticated node to submit a report for any other node
        https://bugzilla.redhat.com/show_bug.cgi?id=919785
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update puppet' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms