Bug 748447 (CVE-2011-3872)
| Field | Value |
|---|---|
| Summary | CVE-2011-3872 puppet: MITM by the x509v3 certificate signing |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Jan Lieskovsky <jlieskov> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | blentz, katello-internal, pbrobinson, security-response-team, tmz, vdanen |
| Keywords | Reopened, Security |
| Fixed In Version | puppet 2.6.12, puppet 2.7.6 |
| Doc Type | Bug Fix |
| Last Closed | 2012-07-04 06:56:34 UTC |
| Bug Depends On | 748650, 748651, 748652, 790898, 790917, 801972 |
| Bug Blocks | 742180, 748458 |
Description
Jan Lieskovsky
2011-10-24 13:44:53 UTC
This issue affects the versions of the puppet package, as shipped with Fedora release of 14 and 15.

This issue affects the versions of the puppet package, as shipped with Fedora EPEL 4, Fedora EPEL 5 and Fedora EPEL 6 releases.

Created attachment 529872
Local copy of proposed upstream patch for Puppet CVE-2011-3872 issue against the v2.7.5 branch

Created attachment 529874
Local copy of proposed upstream patch for Puppet CVE-2011-3872 issue against the v0.24 branch

Removes the certdnsnames option altogether.

This issue affects the versions of the puppet package, as shipped with Red Hat Enterprise MRG 1.3.

This issue is now public.

External Reference: http://www.puppetlabs.com/security/cve/cve-2011-3872/

Closing as puppet 2.6.12 has been pushed to stable as an update for EPEL 4,5,6 and Fedora 14,15,16 and rawhide.

This issue also affects CloudForms.

Created puppet tracking bugs for this issue

Affects: fedora-all [bug 801972]

I'm a bit confused (nothing new there). This issue was fixed in puppet 2.6.12 which has been in all fedora releases for a while now. As a puppet maintainer for fedora/epel, is there something further that I need to do?

Resolved in Puppet 2.7.6 and 2.6.12, CloudForms ships Puppet 2.6.14.