Bug 919783 (CVE-2013-1640)
Summary: | CVE-2013-1640 Puppet: catalog request code execution | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> | ||||||||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||||||||
Severity: | high | Docs Contact: | |||||||||||||
Priority: | high | ||||||||||||||
Version: | unspecified | CC: | apevec, bkearney, ccoleman, cpelland, dajohnso, dmcphers, jeckersb, jialiu, jlieskov, jomara, jrusnack, lmeyer, markmc, mmccune, morazi, msuchy, rbryant, rh, sclewis, security-response-team, tkramer | ||||||||||||
Target Milestone: | --- | Keywords: | Security | ||||||||||||
Target Release: | --- | ||||||||||||||
Hardware: | All | ||||||||||||||
OS: | Linux | ||||||||||||||
Whiteboard: | |||||||||||||||
Fixed In Version: | puppet 2.6.18, puppet 2.7.21, puppet 3.1.1 | Doc Type: | Bug Fix | ||||||||||||
Doc Text: | Story Points: | --- | |||||||||||||
Clone Of: | Environment: | ||||||||||||||
Last Closed: | 2014-03-11 07:00:22 UTC | Type: | --- | ||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||
Documentation: | --- | CRM: | |||||||||||||
Verified Versions: | Category: | --- | |||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
Embargoed: | |||||||||||||||
Bug Depends On: | 919788, 919790, 919791, 920843, 920845, 924458, 995663 | ||||||||||||||
Bug Blocks: | 919786, 919787, 921763 | ||||||||||||||
Attachments: |
|
Description
Kurt Seifried
2013-03-10 05:04:45 UTC
Created puppet tracking bugs for this issue Affects: epel-all [bug 920843] Created puppet tracking bugs for this issue Affects: fedora-all [bug 920845] Created attachment 710424 [details]
puppet-3.1.0-CVE-Rollup.patch
Created attachment 710425 [details]
puppet-2.7.20-CVE-Rollup.patch
Created attachment 710426 [details]
puppet-2.7.18-CVE-Rollup.patch
Created attachment 710427 [details]
puppet-2.7.11-CVE-Rollup.patch
Created attachment 710428 [details]
puppet-2.6.17-CVE-Rollup.patch
Acknowledgements: Red Hat would like to thank Puppet Labs for reporting this issue. This issue has been addressed in following products: OpenStack Folsom for RHEL 6 Via RHSA-2013:0710 https://rhn.redhat.com/errata/RHSA-2013-0710.html puppet-2.6.18-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. puppet-2.6.18-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. Removed due to typo. puppet-3.1.1-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. |