Ubuntu Update For Puppet Vulnerabilities USN-917-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-917-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that Puppet did not drop supplementary groups when being run as a different user. A local user may be able to use this flaw to bypass security restrictions and gain access to restricted files. (CVE-2009-3564) It was discovered that Puppet did not correctly handle temporary files. A local user can exploit this flaw to bypass security restrictions and overwrite arbitrary files. (CVE-2010-0156)

Affected

puppet vulnerabilities on Ubuntu 9.10

Severity

Classification

CVE CVE-2009-3564, CVE-2010-0156
CVSS Base Score: 4.7
AV:L/AC:M/Au:N/C:C/I:N/A:N

Related Vulnerabilities

Ubuntu Update for cups USN-2172-1
Ubuntu Update for curl USN-2058-1
Ubuntu Update for cinder USN-1731-1
Ubuntu Update for curl USN-1801-1
Ubuntu Update for clamav USN-1482-2

Ubuntu Update for puppet vulnerabilities USN-917-1

Take action and discover your vulnerabilities