USN-917-1: Puppet vulnerabilities
Publication date
24 March 2010
Overview
Puppet vulnerabilities
Releases
Packages
- puppet -
Details
It was discovered that Puppet did not drop supplementary groups when being
run as a different user. A local user may be able to use this flaw to
bypass security restrictions and gain access to restricted files.
(CVE-2009-3564)
It was discovered that Puppet did not correctly handle temporary files. A
local user can exploit this flaw to bypass security restrictions and
overwrite arbitrary files. (CVE-2010-0156)
It was discovered that Puppet did not drop supplementary groups when being
run as a different user. A local user may be able to use this flaw to
bypass security restrictions and gain access to restricted files.
(CVE-2009-3564)
It was discovered that Puppet did not correctly handle temporary files. A
local user can exploit this flaw to bypass security restrictions and
overwrite arbitrary files. (CVE-2010-0156)
Update instructions
In general, a standard system upgrade is sufficient to effect the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 9.10 karmic | puppet – 0.24.8-2ubuntu4.1 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.