USN-3308-1: Puppet vulnerabilities
Ubuntu Security Notice USN-3308-1
5th June, 2017
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Several security issues were fixed in Puppet.
- puppet - Centralized configuration management
Dennis Rowe discovered that Puppet incorrectly handled the search path. A
local attacker could use this issue to possibly execute arbitrary code.
It was discovered that Puppet incorrectly handled YAML deserialization. A
remote attacker could possibly use this issue to execute arbitrary code on
the master. This update is incompatible with agents older than 3.2.2.
The problem can be corrected by updating your system to the following package version:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.