[Pkg-puppet-devel] Bug#734444: puppet: Default file mode now 0600 instead of 0644 (regression in CVE-2013-4969 fix)
Dominic Cleal
dcleal at redhat.com
Tue Jan 7 09:19:06 UTC 2014
Package: puppet
Version: 2.7.23-1~deb7u2
Severity: normal
The fix for CVE-2013-4969 (tempfile vulnerability) contained a
regression affecting the default file mode if none is specified on a
file resource. This has been fixed in upstream 3.4.2 and 2.7.25.
Upstream bug: https://tickets.puppetlabs.com/browse/PUP-1255
Please apply the following patch from 2.7.x to fix the issue:
https://github.com/puppetlabs/puppet/commit/6a11abb8ac
This currently affects the Foreman installer as some resources in our
modules rely on this behaviour.
-- System Information:
Debian Release: 7.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages puppet depends on:
ii dpkg 1.16.12
ii puppet-common 2.7.23-1~deb7u2
ii ruby1.8 1.8.7.358-7.1+deb7u1
Versions of packages puppet recommends:
ii ruby [rdoc] 1:1.9.3
Versions of packages puppet suggests:
pn etckeeper <none>
pn puppet-el <none>
pn vim-puppet <none>
-- no debconf information
More information about the Pkg-puppet-devel
mailing list