[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[BSA-050] Security Update for puppet



I've uploaded new packages for puppet which fixed the following security
problems:

CVE-2011-3848
 Resist directory traversal attacks through indirections.

 In various versions of Puppet it was possible to cause a directory
 traversal attack through the SSLFile indirection base class.  This was
 variously triggered through the user-supplied key, or the Subject of
 the certificate, in the code.

For the squeeze-backports distribution the problems have been fixed in
version 2.7.1-1~bpo60+2.

micah

-- 

Attachment: pgpkqrZFzpW5y.pgp
Description: PGP signature


Reply to: