[Pkg-puppet-devel] CVE-2012-3408 Puppet allows agents with certnames of IP addresses to be impersonated

Stig Sandbeck Mathisen ssm at debian.org
Thu Jul 12 08:59:08 UTC 2012

Henri Salo <henri at nerv.fi> writes:

> There is security vulnerability in Puppet. Could you tell me if Puppet
> packages in Debian are vulnerable or not? I can create bug-report of
> this if needed. I already added this to Debian security tracker.
> CVE-2012-3408
> http://puppetlabs.com/security/cve/cve-2012-3408/

That issue is fixed in the 2.7.18-1 upload to unstable and in
2.6.2-5+squeeze6 upload to stable-security, along with CVE-2012-3864,
CVE-2012-3865, CVE-2012-3866 and CVE-2012-3867 which those uploads

Stig Sandbeck Mathisen <ssm at debian.org>

More information about the Pkg-puppet-devel mailing list