CVE-2013-3567

Publication date 18 June 2013

Last updated 24 July 2024


Ubuntu priority

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

Status

Package Ubuntu Release Status
puppet 13.04 raring
Fixed 2.7.18-4ubuntu1.1
12.10 quantal
Fixed 2.7.18-1ubuntu1.2
12.04 LTS precise
Fixed 2.7.11-1ubuntu2.3
10.04 LTS lucid Ignored end of life

References

Related Ubuntu Security Notices (USN)

Other references