DSA-2511-1 puppet -- severalID: oval:org.secpod.oval:def:600847 | Date: (C)2012-07-18 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several security vulnerabilities have been found in Puppet, a centralized configuration management: CVE-2012-3864 Authenticated clients could read arbitrary files on the puppet master. CVE-2012-3865 Authenticated clients could delete arbitrary files on the puppet master. CVE-2012-3866 The report of the most recent Puppet run was stored with world- readable permissions, resulting in information disclosure. CVE-2012-3867 Agent hostnames were insufficiently validated.