Описание
Security update for rubygem-puppet
This update for rubygem-puppet fixes the following issues:
- CVE-2017-10689: Reset permissions when unpacking tar in PMT. When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions (boo#1080288)
Список пакетов
openSUSE Leap 42.3
ruby2.1-rubygem-puppet-3.8.7-23.1
ruby2.1-rubygem-puppet-doc-3.8.7-23.1
ruby2.1-rubygem-puppet-testsuite-3.8.7-23.1
ruby2.2-rubygem-puppet-3.8.7-23.1
ruby2.2-rubygem-puppet-doc-3.8.7-23.1
ruby2.2-rubygem-puppet-testsuite-3.8.7-23.1
ruby2.3-rubygem-puppet-3.8.7-23.1
ruby2.3-rubygem-puppet-doc-3.8.7-23.1
ruby2.3-rubygem-puppet-testsuite-3.8.7-23.1
ruby2.4-rubygem-puppet-3.8.7-23.1
ruby2.4-rubygem-puppet-doc-3.8.7-23.1
ruby2.4-rubygem-puppet-testsuite-3.8.7-23.1
rubygem-puppet-3.8.7-23.1
rubygem-puppet-emacs-3.8.7-23.1
rubygem-puppet-master-3.8.7-23.1
rubygem-puppet-master-unicorn-3.8.7-23.1
rubygem-puppet-vim-3.8.7-23.1
Ссылки
- E-Mail link for openSUSE-SU-2018:0471-1
- SUSE Security Ratings
Описание
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
Затронутые продукты
openSUSE Leap 42.3:ruby2.1-rubygem-puppet-3.8.7-23.1
openSUSE Leap 42.3:ruby2.1-rubygem-puppet-doc-3.8.7-23.1
openSUSE Leap 42.3:ruby2.1-rubygem-puppet-testsuite-3.8.7-23.1
openSUSE Leap 42.3:ruby2.2-rubygem-puppet-3.8.7-23.1
Ссылки
- CVE-2017-10689
- SUSE Bug 1080288