Download
| Alert*
oval:org.secpod.oval:def:52863
puppet: Centralized configuration management Several security issues were fixed in Puppet. oval:org.secpod.oval:def:703640 puppet: Centralized configuration management Several security issues were fixed in Puppet. oval:org.secpod.oval:def:89002483 This update for puppet fixes the following issues: - CVE-2017-2295: Fixed a security vulnerability where an attacker could force YAML deserialization in an unsafe manner, which would lead to remote code execution. In default, this update would break a backwards compatibility with Puppet agents older ... oval:org.secpod.oval:def:112428 Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... oval:org.secpod.oval:def:602901 It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code. Note that this fix breaks backward compability with Puppet agents older than 3.2.2 and there is no safe way t ... oval:org.secpod.oval:def:1600721 Unsafe YAML deserialization:Versions of Puppet prior to 4.10.1 will deserialize data off the wire with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire ... |