USN-3308-1: Puppet vulnerabilities

05 June 2017

Several security issues were fixed in Puppet.



  • puppet - Centralized configuration management


Dennis Rowe discovered that Puppet incorrectly handled the search path. A
local attacker could use this issue to possibly execute arbitrary code.

It was discovered that Puppet incorrectly handled YAML deserialization. A
remote attacker could possibly use this issue to execute arbitrary code on
the master. This update is incompatible with agents older than 3.2.2.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04

In general, a standard system update will make all the necessary changes.