Ubuntu Update For Puppet USN-2077-2 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

USN-2077-1 fixed a vulnerability in Puppet. The upstream patch introduced a regression resulting in the default file mode being incorrect. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.

Affected

puppet on Ubuntu 13.10 , Ubuntu 13.04 , Ubuntu 12.10 , Ubuntu 12.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-January/002369.html

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for curl USN-1801-1
Ubuntu Update for curl USN-2399-1
Ubuntu Update for clamav USN-2157-1
Ubuntu Update for clamav USN-1816-1
Ubuntu Update for bind9 vulnerability USN-491-1

Ubuntu Update for puppet USN-2077-2

Take action and discover your vulnerabilities