[Pkg-puppet-devel] CVE-2012-3408 Puppet allows agents with certnames of IP addresses to be impersonated

Henri Salo henri at nerv.fi
Mon Jul 16 10:27:02 UTC 2012


On Thu, Jul 12, 2012 at 10:59:08AM +0200, Stig Sandbeck Mathisen wrote:
> Henri Salo <henri at nerv.fi> writes:
> 
> > There is a security vulnerability in Puppet. Could you tell me if Puppet
> > packages in Debian are vulnerable or not? I can create a bug report for
> > this if needed. I already added this to the Debian security tracker.
> >
> > CVE-2012-3408
> > http://puppetlabs.com/security/cve/cve-2012-3408/
> 
> That issue is fixed in the 2.7.18-1 upload to unstable and in
> 2.6.2-5+squeeze6 upload to stable-security, along with CVE-2012-3864,
> CVE-2012-3865, CVE-2012-3866 and CVE-2012-3867 which those uploads
> mention.
> 
> -- 
> Stig Sandbeck Mathisen <ssm at debian.org>

Thank you for your answer. I will add this information to the Debian security tracker. Can we get information about CVE-2012-3408 into the puppet changelog?

- Henri Salo


