[BSA-065] Security Update for puppet

To: debian-backports-announce@lists.debian.org
Subject: [BSA-065] Security Update for puppet
From: micah anderson <micah@riseup.net>
Date: Wed, 21 Mar 2012 11:12:26 -0400
Message-id: <[🔎] 87zkbam1id.fsf@algae.riseup.net>

Micah Anderson uploaded new packages for puppet which fixed the
following security problems: CVE-2012-1053 and CVE-2012-1054

    CVE-2012-1053

    Puppet runs execs with an unintended group privileges, potentially leading to privilege escalation.

    CVE-2012-1054

    The k5login type writes to untrusted locations, enabling local users to escalate their privileges if the k5login type is used.

For the squeeze-backports distribution the problems have been fixed in
version 2.7.11-1~bpo60+1.



--

Attachment: pgp54KwCi3Nba.pgp
Description: PGP signature

Reply to:

Prev by Date: [BSA-064] Security Update for gnash
Next by Date: [BSA-066] Security Update for nginx
Previous by thread: [BSA-064] Security Update for gnash
Next by thread: [BSA-066] Security Update for nginx
Index(es):
- Date
- Thread