Bug 742645 (CVE-2011-3869)
| Summary: | CVE-2011-3869 puppet: K5login content attack | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> | ||||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | |||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | unspecified | CC: | k.georgiou, ktdreyer, morazi, security-response-team, tmz, vanmeeuwen+fedora | ||||||
| Target Milestone: | --- | Keywords: | Security | ||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | puppet 2.6.11, puppet 2.7.5 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2012-07-04 06:51:35 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | 742654, 742655 | ||||||||
| Bug Blocks: | 742180, 748458 | ||||||||
| Attachments: |
|
||||||||
|
Description
Vincent Danen
2011-09-30 21:33:20 UTC
Created attachment 525847 [details]
patch from upstream for 2.6.x and 2.7.x
Created attachment 525848 [details]
patch from upstream for 0.25.x
Created puppet tracking bugs for this issue Affects: fedora-all [bug 742654] Affects: epel-all [bug 742655] puppet-0.25.5-2.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report. Resolved in Puppet 2.7.5 and 2.6.11, CloudForms ships Puppet 2.6.14. Fixed upstream in 2.7.5 and 2.6.11. External Reference: http://puppetlabs.com/security/cve/cve-2011-3869/ |