Описание
Security update for puppet
This update for puppet fixes the following issues:
- CVE-2017-10689: Reset permissions when unpacking tar in PMT. When using minitar, files were unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions (bsc#1080288)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
puppet-3.8.5-15.9.1
SUSE Linux Enterprise Desktop 12 SP3
puppet-3.8.5-15.9.1
SUSE Linux Enterprise Module for Advanced Systems Management 12
puppet-3.8.5-15.9.1
puppet-server-3.8.5-15.9.1
Ссылки
- Link for SUSE-SU-2018:0571-1
- E-Mail link for SUSE-SU-2018:0571-1
- SUSE Security Ratings
- SUSE Bug 1080288
- SUSE CVE CVE-2017-10689 page
Описание
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:puppet-3.8.5-15.9.1
SUSE Linux Enterprise Desktop 12 SP3:puppet-3.8.5-15.9.1
SUSE Linux Enterprise Module for Advanced Systems Management 12:puppet-3.8.5-15.9.1
SUSE Linux Enterprise Module for Advanced Systems Management 12:puppet-server-3.8.5-15.9.1
Ссылки
- CVE-2017-10689
- SUSE Bug 1080288