Moses Mendoza (moses) reports: CVE-2013-1655 - Unauthenticated remote code execution risk * Affected versions: 2.7.0 and greater * Affects puppet masters running ruby 1.9.3 and up * Patched versions: 2.7.x, 3.1.x A bug in Puppet allows unauthenticated clients to send requests to the puppet master, and have the master load code in an unsafe manner. This has the potential for causing problems such as described in the Rails CVE-2013-0156, though we have not identified an exploit at this time. It only affects users whose puppet masters are running ruby 1.9.3 and above. External References: https://puppetlabs.com/security/cve/cve-2013-1655/
Created puppet tracking bugs for this issue Affects: fedora-all [bug 920845]
For the puppet roll-up patches please see Bz 919783 for the patch files.
puppet-3.1.1-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.