[Pkg-puppet-devel] [DSA 2715-1] puppet security update & squeeze-backports

Hoshi Hoshimoto hoshi.hoshimoto at googlemail.com
Wed Jul 10 08:24:42 UTC 2013


Am 09.07.2013 18:43, schrieb Russ Allbery:
> Hoshi Hoshimoto <hoshi.hoshimoto at googlemail.com> writes:
>
>> I take it from your answer and the description of DSA-2715-1, that
>> upgrading the Puppetmaster is enough to be safe?
>
> I'm not sure whether you also need to upgrade the Puppet CA.  I don't
> *think* so from the description, since the vulnerability involves
> interpreting data from the client, and I wouldn't think the Puppet CA
> would do that.  But I've not seen any confirmation there.
>
> You shouldn't need to upgrade the clients.
>

Well, out of curiosity I went forward and also upgraded my 
(test-)clients, again without any issues.

Therefore I also did the upgrade on the productive Puppetmaster and its 
clients. Works abolutely fine so far.

So for anybody interested in this, the current Puppet packages from 
wheezy (2.7.18-5) seem to work perfectly fine on squeeze.

Regards,
Hoshi



More information about the Pkg-puppet-devel mailing list