Bug 2023853 (CVE-2021-27025) - CVE-2021-27025 puppet: silent configuration failure in agent
Summary: CVE-2021-27025 puppet: silent configuration failure in agent
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-27025
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2024046 2024376 2024377 2024044 2024045 2025476 2027207 2027246 2027254 2066884 2090612 2090618
Blocks: 2023864
TreeView+ depends on / blocked
 
Reported: 2021-11-16 17:18 UTC by Guilherme de Almeida Suckevicz
Modified: 2022-06-01 20:00 UTC (History)
28 users (show)

Fixed In Version: Puppet Agent 6.25.1, Puppet Agent 7.12.1
Doc Type: If docs needed, set a value
Doc Text:
A configuration flaw was found in Puppet Agent where the agent silently ignores Augeas settings. This flaw allows a network attacker to cause a denial of service before the first pluginsync. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed: 2022-05-04 17:15:30 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:1708 0 None None None 2022-05-04 12:59:06 UTC
Red Hat Product Errata RHSA-2022:4866 0 None None None 2022-06-01 20:00:43 UTC
Red Hat Product Errata RHSA-2022:4867 0 None None None 2022-06-01 19:56:09 UTC

Description Guilherme de Almeida Suckevicz 2021-11-16 17:18:24 UTC
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first pluginsync.

Reference:
https://puppet.com/security/cve/cve-2021-27025

Comment 3 Summer Long 2021-11-17 05:54:14 UTC
Created puppet tracking bugs for this issue:

Affects: epel-all [bug 2024044]
Affects: fedora-all [bug 2024045]
Affects: openstack-rdo [bug 2024046]

Comment 5 Breno 2021-11-19 03:27:41 UTC
Epel and fedora are resolved.
I'm not sure who responds for the openstack-rdo builds.

Comment 8 Yadnyawalk Tale 2021-11-29 09:36:41 UTC
Upcoming RHUI4 release is notaffected as product removed puppet to suppose installation with Ansible playbooks.

Comment 9 errata-xmlrpc 2022-05-04 12:59:03 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.10 for RHEL 7

Via RHSA-2022:1708 https://access.redhat.com/errata/RHSA-2022:1708

Comment 10 Product Security DevOps Team 2022-05-04 17:15:26 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-27025

Comment 11 errata-xmlrpc 2022-06-01 19:56:05 UTC
This issue has been addressed in the following products:

  Satellite Tools 6.9 for RHEL 7
  Satellite Tools 6.9 for RHEL 6.ELS
  Satellite Tools 6.9 for RHEL 7.2.AUS
  Satellite Tools 6.9 for RHEL 7.3.AUS
  Satellite Tools 6.9 for RHEL 7.4.AUS
  Satellite Tools 6.9 for RHEL 7.4.E4S
  Satellite Tools 6.9 for RHEL 7.4.TUS
  Satellite Tools 6.9 for RHEL 7.6.AUS
  Satellite Tools 6.9 for RHEL 7.6.E4S
  Satellite Tools 6.9 for RHEL 7.6.EUS
  Satellite Tools 6.9 for RHEL 7.6.TUS
  Satellite Tools 6.9 for RHEL 7.7.AUS
  Satellite Tools 6.9 for RHEL 7.7.E4S
  Satellite Tools 6.9 for RHEL 7.7.EUS
  Satellite Tools 6.9 for RHEL 7.7.TUS
  Satellite Tools 6.9 for RHEL 8
  Satellite Tools 6.9 for RHEL 8.0.E4S
  Satellite Tools 6.9 for RHEL 8.1.E4S
  Satellite Tools 6.9 for RHEL 8.1.EUS
  Satellite Tools 6.9 for RHEL 8.2.AUS
  Satellite Tools 6.9 for RHEL 8.2.E4S
  Satellite Tools 6.9 for RHEL 8.2.EUS
  Satellite Tools 6.9 for RHEL 8.2.TUS
  Satellite Tools 6.9 for RHEL 8.4.AUS
  Satellite Tools 6.9 for RHEL 8.4.E4S
  Satellite Tools 6.9 for RHEL 8.4.EUS
  Satellite Tools 6.9 for RHEL 8.6.AUS
  Satellite Tools 6.9 for RHEL 8.6.E4S
  Satellite Tools 6.9 for RHEL 8.6.EUS
  Satellite Tools 6.9 for RHEL 8.6.TUS

Via RHSA-2022:4867 https://access.redhat.com/errata/RHSA-2022:4867

Comment 12 errata-xmlrpc 2022-06-01 20:00:39 UTC
This issue has been addressed in the following products:

  Satellite Tools 6.10 for RHEL 7
  Satellite Tools 6.10 for RHEL 6.ELS
  Satellite Tools 6.10 for RHEL 7.2.AUS
  Satellite Tools 6.10 for RHEL 7.3.AUS
  Satellite Tools 6.10 for RHEL 7.4.AUS
  Satellite Tools 6.10 for RHEL 7.4.E4S
  Satellite Tools 6.10 for RHEL 7.4.TUS
  Satellite Tools 6.10 for RHEL 7.6.AUS
  Satellite Tools 6.10 for RHEL 7.6.E4S
  Satellite Tools 6.10 for RHEL 7.6.TUS
  Satellite Tools 6.10 for RHEL 7.7.AUS
  Satellite Tools 6.10 for RHEL 7.7.E4S
  Satellite Tools 6.10 for RHEL 7.7.TUS
  Satellite Tools 6.10 for RHEL 8
  Satellite Tools 6.10 for RHEL 8.1.E4S
  Satellite Tools 6.10 for RHEL 8.1.EUS
  Satellite Tools 6.10 for RHEL 8.2.AUS
  Satellite Tools 6.10 for RHEL 8.2.E4S
  Satellite Tools 6.10 for RHEL 8.2.EUS
  Satellite Tools 6.10 for RHEL 8.2.TUS
  Satellite Tools 6.10 for RHEL 8.4.AUS
  Satellite Tools 6.10 for RHEL 8.4.E4S
  Satellite Tools 6.10 for RHEL 8.4.EUS
  Satellite Tools 6.10 for RHEL 8.4.TUS
  Satellite Tools 6.10 for RHEL 8.6.AUS
  Satellite Tools 6.10 for RHEL 8.6.E4S
  Satellite Tools 6.10 for RHEL 8.6.EUS

Via RHSA-2022:4866 https://access.redhat.com/errata/RHSA-2022:4866


Note You need to log in before you can comment on or make changes to this bug.