[Pkg-puppet-devel] Bug#1014772: puppet: CVE-2021-27025
Moritz Mühlenhoff
jmm at inutil.org
Mon Jul 11 19:37:23 BST 2022
Source: puppet
X-Debbugs-CC: team at security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for puppet.
CVE-2021-27025[0]:
| A flaw was discovered in Puppet Agent where the agent may silently
| ignore Augeas settings or may be vulnerable to a Denial of Service
| condition prior to the first 'pluginsync'.
https://puppet.com/security/cve/cve-2021-27025
https://github.com/puppetlabs/puppet/commit/da8b73edca174309a9bef5f62cd276933fe733e8 (6.25.1)
This is too intrusive to backport (and has limited impact)
to released suites, but still filing a bug to track it.
This can be closed when puppet-agent 7 gets uploaded to unstable.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-27025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27025
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-puppet-devel
mailing list