Package name
puppet
Date
2013-08-27
Advisory ID
MDVSA-2013:222
Affected versions
MBS1 x86_64

Problem description

Updated puppet and puppet3 package fix security vulnerabilities:

It was discovered that Puppet incorrectly handled the resource_type
service. A local attacker on the master could use this issue to
execute arbitrary Ruby files (CVE-2013-4761).

It was discovered that Puppet incorrectly handled permissions on the
modules it installed. Modules could be installed with the permissions
that existed when they were built, possibly exposing them to a local
attacker (CVE-2013-4956).

Updated packages

MBS1 x86_64

 48840493b13ae29905acd3aaa3a58af0  mbs1/x86_64/puppet-2.7.23-1.mbs1.noarch.rpm
 1884ac10a3f68ac8f1c06ee7388229ec  mbs1/x86_64/puppet-server-2.7.23-1.mbs1.noarch.rpm 
 fa68ed5d48aa3a9887c171c3d17c97b7  mbs1/SRPMS/puppet-2.7.23-1.mbs1.src.rpm

References