authorBrad Davis <brd@FreeBSD.org>2013-08-16 17:54:41 +0000
committerBrad Davis <brd@FreeBSD.org>2013-08-16 17:54:41 +0000
commitbeeccba037850df4ef55cb3306648afca4128b27 (patch)
tree5da73374664f5bad77672d343e8cd8576eca4358
parent9e2de3c5e58e78fd0b7114713b0121a4a95480ee (diff)
Notes
-rw-r--r--security/vuxml/vuln.xml37
-rw-r--r--sysutils/puppet/Makefile2
-rw-r--r--sysutils/puppet/distinfo4
3 files changed, 40 insertions, 3 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index ea20f045f722..b042346ecdca 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,43 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="2b2f6092-0694-11e3-9e8e-000c29f6ae42">
+ <topic>puppet -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>puppet</name>
+ <range><ge>2.7</ge><lt>2.7.23</lt></range>
+ <range><ge>3.0</ge><lt>3.2.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Puppet Labs reports:</p>
+ <blockquote cite="http://puppetlabs.com/security/cve/cve-2013-4761/">
+ <p>By using the `resource_type` service, an attacker could
+ cause puppet to load arbitrary Ruby files from the puppet
+ master node's file system. While this behavior is not
+ enabled by default, `auth.conf` settings could be modified
+ to allow it. The exploit requires local file system access
+ to the Puppet Master.</p>
+ <p>Puppet Module Tool (PMT) did not correctly control
+ permissions of modules it installed, instead transferring
+ permissions that existed when the module was built.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-4761</cvename>
+ <cvename>CVE-2013-4956</cvename>
+ <url>http://puppetlabs.com/security/cve/cve-2013-4761/</url>
+ <url>http://puppetlabs.com/security/cve/cve-2013-4956/</url>
+ </references>
+ <dates>
+ <discovery>2013-07-05</discovery>
+ <entry>2013-08-16</entry>
+ </dates>
+ </vuln>
+
<vuln vid="9a0a892e-05d8-11e3-ba09-000c29784fd1">
<topic>lcms2 -- Null Pointer Dereference Denial of Service Vulnerability</topic>
<affects>
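Review bot: The single `<blockquote cite="http://puppetlabs.com/security/cve/cve-2013-4761/">` wraps both quoted paragraphs, but the second one (Puppet Module Tool permissions) appears to come from the CVE-2013-4956 advisory listed under `<references>`, so its citation points at the wrong source. Putting the PMT paragraph in its own `<blockquote cite="http://puppetlabs.com/security/cve/cve-2013-4956/">` keeps each statement traceable to its advisory for anyone triaging an audit hit. The entry also never says which paragraph belongs to which CVE, so a short lead-in naming the CVE before each quote would help. The `2.7` range is declared here while this commit only moves sysutils/puppet to 3.2.4, so it is worth confirming that whichever port ships the 2.7 branch under the package name `puppet` is updated to 2.7.23 as well.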
diff --git a/sysutils/puppet/Makefile b/sysutils/puppet/Makefile
index 3855324e5f07..cff169c36f7f 100644
--- a/sysutils/puppet/Makefile
+++ b/sysutils/puppet/Makefile
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= puppet
-PORTVERSION= 3.2.3
+PORTVERSION= 3.2.4
CATEGORIES= sysutils
MASTER_SITES= http://downloads.puppetlabs.com/puppet/
diff --git a/sysutils/puppet/distinfo b/sysutils/puppet/distinfo
index 41bde8186916..d807f2636c71 100644
--- a/sysutils/puppet/distinfo
+++ b/sysutils/puppet/distinfo
@@ -1,2 +1,2 @@
-SHA256 (puppet-3.2.3.tar.gz) = 6a19927d6126b9f6f40e94997c0896a618da8983178ca0e30264122b70edf819
-SIZE (puppet-3.2.3.tar.gz) = 1782059
+SHA256 (puppet-3.2.4.tar.gz) = 8b38f4adee6237b8dd7b1956d90af97f2d0091245d6e30b708bbc8e333001358
+SIZE (puppet-3.2.4.tar.gz) = 1786216