[Pkg-puppet-devel] Bug#734444: puppet: Default file mode now 0600 instead of 0644 (regression in CVE-2013-4969 fix)

Dominic Cleal dcleal at redhat.com
Tue Jan 7 09:19:06 UTC 2014

Package: puppet
Version: 2.7.23-1~deb7u2
Severity: normal

The fix for CVE-2013-4969 (tempfile vulnerability) contained a
regression affecting the default file mode if none is specified on a
file resource.  This has been fixed in upstream 3.4.2 and 2.7.25.

Upstream bug: https://tickets.puppetlabs.com/browse/PUP-1255

Please apply the following patch from 2.7.x to fix the issue:

This currently affects the Foreman installer as some resources in our
modules rely on this behaviour.

-- System Information:
Debian Release: 7.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages puppet depends on:
ii  dpkg           1.16.12
ii  puppet-common  2.7.23-1~deb7u2
ii  ruby1.8

Versions of packages puppet recommends:
ii  ruby [rdoc]  1:1.9.3

Versions of packages puppet suggests:
pn  etckeeper   <none>
pn  puppet-el   <none>
pn  vim-puppet  <none>

-- no debconf information

More information about the Pkg-puppet-devel mailing list