[Pkg-puppet-devel] Puppet: possible arbitrary file overwriting in lenny
Didier Conchaudron
didier.conchaudron at nbs-system.com
Fri Dec 3 17:37:09 UTC 2010
Hi,
It seems like that puppet package in lenny is not patched against
CVE-2010-0156.
According to secunia, there is also a local privileges escalation
(http://secunia.com/advisories/36967/)
I don't really the time to investigate and check if lenny version is
really vulnerable but considering the latest entry in puppet's Changelog
I assume that no change has been done since early 2009.
Best regards,
Didier
More information about the Pkg-puppet-devel
mailing list