Puppet: possible arbitrary file overwriting in lenny

To: pkg-puppet-devel@lists.alioth.debian.org
Cc: debian-security-tracker@lists.debian.org
Subject: Puppet: possible arbitrary file overwriting in lenny
From: Didier Conchaudron <didier.conchaudron@nbs-system.com>
Date: Fri, 03 Dec 2010 18:37:09 +0100
Message-id: <[🔎] 4CF92AC5.90305@nbs-system.com>

Hi,

It seems like that puppet package in lenny is not patched against
CVE-2010-0156.
According to secunia, there is also a local privileges escalation
(http://secunia.com/advisories/36967/)

I don't really the time to investigate and check if lenny version is
really vulnerable but considering the latest entry in puppet's Changelog
I assume that no change has been done since early 2009.

Best regards,
Didier

Reply to:

Follow-Ups:
- Re: Puppet: possible arbitrary file overwriting in lenny
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Next by Date: Re: Puppet: possible arbitrary file overwriting in lenny
Next by thread: Re: Puppet: possible arbitrary file overwriting in lenny
Index(es):
- Date
- Thread