Micah Anderson uploaded new packages for puppet which fixed the following security problems: CVE-2012-1053 and CVE-2012-1054 CVE-2012-1053 Puppet runs execs with an unintended group privileges, potentially leading to privilege escalation. CVE-2012-1054 The k5login type writes to untrusted locations, enabling local users to escalate their privileges if the k5login type is used. For the squeeze-backports distribution the problems have been fixed in version 2.7.11-1~bpo60+1. --
Attachment:
pgp54KwCi3Nba.pgp
Description: PGP signature