Описание
Security update for rubygem-puppet
This update for rubygem-puppet fixes the following issues:
- CVE-2017-10689: Reset permissions when unpacking tar in PMT. When using minitar, files were unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions (bsc#1080288)
Список пакетов
SUSE Linux Enterprise Module for Advanced Systems Management 12
ruby2.1-rubygem-puppet-4.8.1-32.3.1
rubygem-puppet-4.8.1-32.3.1
Ссылки
- Link for SUSE-SU-2018:0602-1
- E-Mail link for SUSE-SU-2018:0602-1
- SUSE Security Ratings
- SUSE Bug 1080288
- SUSE CVE CVE-2017-10689 page
Описание
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
Затронутые продукты
SUSE Linux Enterprise Module for Advanced Systems Management 12:ruby2.1-rubygem-puppet-4.8.1-32.3.1
SUSE Linux Enterprise Module for Advanced Systems Management 12:rubygem-puppet-4.8.1-32.3.1
Ссылки
- CVE-2017-10689
- SUSE Bug 1080288