USN-3567-1: Puppet vulnerability
12 February 2018
Puppet could be made to crash or run programs.
Releases
Packages
- puppet - Centralized configuration management
Details
It was discovered that Puppet incorrectly handled permissions when
unpacking certain tarballs. A local user could possibly use this issue to
execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-4804-1: puppetmaster, puppetmaster-passenger, puppetmaster-common, puppet-el, vim-puppet, puppet-common, puppet-testsuite, puppet