A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first pluginsync. Reference: https://puppet.com/security/cve/cve-2021-27025
Upstream commits (PUP-11209): 7.12.1: https://github.com/puppetlabs/puppet/commit/0e189e9988c4969280134d043b871851928caa41 6.x: https://github.com/puppetlabs/puppet/commit/da8b73edca174309a9bef5f62cd276933fe733e8
Created puppet tracking bugs for this issue: Affects: epel-all [bug 2024044] Affects: fedora-all [bug 2024045] Affects: openstack-rdo [bug 2024046]
Epel and fedora are resolved. I'm not sure who responds for the openstack-rdo builds.
Upcoming RHUI4 release is notaffected as product removed puppet to suppose installation with Ansible playbooks.
This issue has been addressed in the following products: Red Hat Satellite 6.10 for RHEL 7 Via RHSA-2022:1708 https://access.redhat.com/errata/RHSA-2022:1708
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-27025
This issue has been addressed in the following products: Satellite Tools 6.9 for RHEL 7 Satellite Tools 6.9 for RHEL 6.ELS Satellite Tools 6.9 for RHEL 7.2.AUS Satellite Tools 6.9 for RHEL 7.3.AUS Satellite Tools 6.9 for RHEL 7.4.AUS Satellite Tools 6.9 for RHEL 7.4.E4S Satellite Tools 6.9 for RHEL 7.4.TUS Satellite Tools 6.9 for RHEL 7.6.AUS Satellite Tools 6.9 for RHEL 7.6.E4S Satellite Tools 6.9 for RHEL 7.6.EUS Satellite Tools 6.9 for RHEL 7.6.TUS Satellite Tools 6.9 for RHEL 7.7.AUS Satellite Tools 6.9 for RHEL 7.7.E4S Satellite Tools 6.9 for RHEL 7.7.EUS Satellite Tools 6.9 for RHEL 7.7.TUS Satellite Tools 6.9 for RHEL 8 Satellite Tools 6.9 for RHEL 8.0.E4S Satellite Tools 6.9 for RHEL 8.1.E4S Satellite Tools 6.9 for RHEL 8.1.EUS Satellite Tools 6.9 for RHEL 8.2.AUS Satellite Tools 6.9 for RHEL 8.2.E4S Satellite Tools 6.9 for RHEL 8.2.EUS Satellite Tools 6.9 for RHEL 8.2.TUS Satellite Tools 6.9 for RHEL 8.4.AUS Satellite Tools 6.9 for RHEL 8.4.E4S Satellite Tools 6.9 for RHEL 8.4.EUS Satellite Tools 6.9 for RHEL 8.6.AUS Satellite Tools 6.9 for RHEL 8.6.E4S Satellite Tools 6.9 for RHEL 8.6.EUS Satellite Tools 6.9 for RHEL 8.6.TUS Via RHSA-2022:4867 https://access.redhat.com/errata/RHSA-2022:4867
This issue has been addressed in the following products: Satellite Tools 6.10 for RHEL 7 Satellite Tools 6.10 for RHEL 6.ELS Satellite Tools 6.10 for RHEL 7.2.AUS Satellite Tools 6.10 for RHEL 7.3.AUS Satellite Tools 6.10 for RHEL 7.4.AUS Satellite Tools 6.10 for RHEL 7.4.E4S Satellite Tools 6.10 for RHEL 7.4.TUS Satellite Tools 6.10 for RHEL 7.6.AUS Satellite Tools 6.10 for RHEL 7.6.E4S Satellite Tools 6.10 for RHEL 7.6.TUS Satellite Tools 6.10 for RHEL 7.7.AUS Satellite Tools 6.10 for RHEL 7.7.E4S Satellite Tools 6.10 for RHEL 7.7.TUS Satellite Tools 6.10 for RHEL 8 Satellite Tools 6.10 for RHEL 8.1.E4S Satellite Tools 6.10 for RHEL 8.1.EUS Satellite Tools 6.10 for RHEL 8.2.AUS Satellite Tools 6.10 for RHEL 8.2.E4S Satellite Tools 6.10 for RHEL 8.2.EUS Satellite Tools 6.10 for RHEL 8.2.TUS Satellite Tools 6.10 for RHEL 8.4.AUS Satellite Tools 6.10 for RHEL 8.4.E4S Satellite Tools 6.10 for RHEL 8.4.EUS Satellite Tools 6.10 for RHEL 8.4.TUS Satellite Tools 6.10 for RHEL 8.6.AUS Satellite Tools 6.10 for RHEL 8.6.E4S Satellite Tools 6.10 for RHEL 8.6.EUS Via RHSA-2022:4866 https://access.redhat.com/errata/RHSA-2022:4866
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2022:8846 https://access.redhat.com/errata/RHSA-2022:8846
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Via RHSA-2022:8862 https://access.redhat.com/errata/RHSA-2022:8862