Description
Security update for rubygem-puppet
This update for rubygem-puppet fixes the following issues:
- CVE-2017-2295: A remote attacker could have forced unsafe YAML deserialization which could have led to code execution (bsc#1040151)
Package list
openSUSE Leap 42.2
ruby2.1-rubygem-puppet-3.8.7-20.1
ruby2.1-rubygem-puppet-doc-3.8.7-20.1
ruby2.1-rubygem-puppet-testsuite-3.8.7-20.1
ruby2.2-rubygem-puppet-3.8.7-20.1
ruby2.2-rubygem-puppet-doc-3.8.7-20.1
ruby2.2-rubygem-puppet-testsuite-3.8.7-20.1
ruby2.3-rubygem-puppet-3.8.7-20.1
ruby2.3-rubygem-puppet-doc-3.8.7-20.1
ruby2.3-rubygem-puppet-testsuite-3.8.7-20.1
ruby2.4-rubygem-puppet-3.8.7-20.1
ruby2.4-rubygem-puppet-doc-3.8.7-20.1
ruby2.4-rubygem-puppet-testsuite-3.8.7-20.1
rubygem-puppet-3.8.7-20.1
rubygem-puppet-emacs-3.8.7-20.1
rubygem-puppet-master-3.8.7-20.1
rubygem-puppet-master-unicorn-3.8.7-20.1
rubygem-puppet-vim-3.8.7-20.1
openSUSE Leap 42.3
ruby2.1-rubygem-puppet-3.8.7-20.1
ruby2.1-rubygem-puppet-doc-3.8.7-20.1
ruby2.1-rubygem-puppet-testsuite-3.8.7-20.1
ruby2.2-rubygem-puppet-3.8.7-20.1
ruby2.2-rubygem-puppet-doc-3.8.7-20.1
ruby2.2-rubygem-puppet-testsuite-3.8.7-20.1
ruby2.3-rubygem-puppet-3.8.7-20.1
ruby2.3-rubygem-puppet-doc-3.8.7-20.1
ruby2.3-rubygem-puppet-testsuite-3.8.7-20.1
ruby2.4-rubygem-puppet-3.8.7-20.1
ruby2.4-rubygem-puppet-doc-3.8.7-20.1
ruby2.4-rubygem-puppet-testsuite-3.8.7-20.1
rubygem-puppet-3.8.7-20.1
rubygem-puppet-emacs-3.8.7-20.1
rubygem-puppet-master-3.8.7-20.1
rubygem-puppet-master-unicorn-3.8.7-20.1
rubygem-puppet-vim-3.8.7-20.1
References
- E-Mail link for openSUSE-SU-2017:1948-1
- SUSE Security Ratings
Description
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.
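An added Ruby example, not taken from Puppet's code, of the constraint described above: the receiver accepts only an allowlisted wire format and decodes YAML with `YAML.safe_load`. The names `decode_wire_data`, `SAFE_DECODERS`, `UnsupportedFormat` and `UnsafePayload` are hypothetical, the standard-library JSON parser stands in for PSON, and the sample payloads are constructed.

```ruby
require 'json'
require 'yaml'

# Hypothetical names for illustration; this is not Puppet's API.
class UnsupportedFormat < StandardError; end
class UnsafePayload < StandardError; end

# Allowlist of wire formats. JSON stands in for PSON (assumption).
# YAML.safe_load builds only plain scalars, arrays and hashes; tags that
# name Ruby classes are refused instead of being instantiated.
SAFE_DECODERS = {
  'pson' => ->(body) { JSON.parse(body) },
  'yaml' => ->(body) { YAML.safe_load(body) }
}.freeze

# Decode a request body. The sender-supplied format name is used only as a
# lookup key into the allowlist, never to pick an arbitrary deserializer.
def decode_wire_data(format, body)
  decoder = SAFE_DECODERS[format.to_s.strip.downcase]
  raise UnsupportedFormat, "format #{format.inspect} is not accepted" unless decoder

  decoder.call(body)
rescue Psych::DisallowedClass, Psych::BadAlias, Psych::SyntaxError, JSON::ParserError => e
  raise UnsafePayload, "payload rejected (#{e.class}): #{e.message}"
end

# Constructed sample inputs.
PLAIN_YAML  = "---\nhostname: web01\nuptime_days: 12\n"
TAGGED_YAML = "--- !ruby/object:ExampleReport\nhost: web01\n"

if __FILE__ == $PROGRAM_NAME
  [['yaml', PLAIN_YAML], ['yaml', TAGGED_YAML], ['marshal', 'x']].each do |fmt, body|
    begin
      puts "#{fmt}: #{decode_wire_data(fmt, body).inspect}"
    rescue UnsupportedFormat, UnsafePayload => e
      puts "#{fmt}: #{e.class}: #{e.message}"
    end
  end
end
```

A rejected payload is worth logging together with the sender's identity, since a class-tagged YAML body or an unexpected format name on this channel is not something a normal agent sends.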
Affected products
openSUSE Leap 42.2:ruby2.1-rubygem-puppet-3.8.7-20.1
openSUSE Leap 42.2:ruby2.1-rubygem-puppet-doc-3.8.7-20.1
openSUSE Leap 42.2:ruby2.1-rubygem-puppet-testsuite-3.8.7-20.1
openSUSE Leap 42.2:ruby2.2-rubygem-puppet-3.8.7-20.1
References
- CVE-2017-2295
- SUSE Bug 1040151