Kodiak Firesmith
2013-Feb-04 14:15 UTC
[Puppet Users] Recent RoR Vulns and puppet 3x on RHEL 6?
Hello fellow Puppet users! I''m trying to perform due diligence to make sure that our Puppet installations aren''t affected by all the RoR vulns in the news recently. (http://www.kalzumeus.com/2013/01/31/what-the-rails-security-issue-means-for-your-startup/) (http://www.informationweek.com/security/vulnerabilities/critical-ruby-on-rails-issue-threatens-2/240145891) I''ve been watching the PuppetLabs security (https://puppetlabs.com/security/) page, and the RedHat CVE DB (https://access.redhat.com/security/cve/) and haven''t seen anything that appears to directly affect a typical Puppet3 installation on RHEL 6 running the latest RHEL6-supported Ruby (1.8.7.352-7). Is it safe to say that my platform is not affected? Thanks! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Michael Stahnke
2013-Feb-04 23:26 UTC
Re: [Puppet Users] Recent RoR Vulns and puppet 3x on RHEL 6?
Unless you''ve elected to use legacy storeconfigs (with activerecord), you are correct, your system should not be vulnerable. stahnma On Mon, Feb 4, 2013 at 6:15 AM, Kodiak Firesmith <kfiresmith@gmail.com> wrote:> Hello fellow Puppet users! > > I''m trying to perform due diligence to make sure that our Puppet > installations aren''t affected by all the RoR vulns in the news recently. > (http://www.kalzumeus.com/2013/01/31/what-the-rails-security-issue-means-for-your-startup/) > (http://www.informationweek.com/security/vulnerabilities/critical-ruby-on-rails-issue-threatens-2/240145891) > > I''ve been watching the PuppetLabs security > (https://puppetlabs.com/security/) page, and the RedHat CVE DB > (https://access.redhat.com/security/cve/) and haven''t seen anything that > appears to directly affect a typical Puppet3 installation on RHEL 6 running > the latest RHEL6-supported Ruby (1.8.7.352-7). > > Is it safe to say that my platform is not affected? > > Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscribe@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Kodiak Firesmith
2013-Feb-05 19:36 UTC
Re: [Puppet Users] Recent RoR Vulns and puppet 3x on RHEL 6?
Thanks for the confirmation, Michael. On Monday, February 4, 2013 6:26:17 PM UTC-5, Michael Stanhke wrote:> > Unless you''ve elected to use legacy storeconfigs (with activerecord), > you are correct, your system should not be vulnerable. > > stahnma > > > > On Mon, Feb 4, 2013 at 6:15 AM, Kodiak Firesmith <kfire...@gmail.com<javascript:>> > wrote: > > Hello fellow Puppet users! > > > > I''m trying to perform due diligence to make sure that our Puppet > > installations aren''t affected by all the RoR vulns in the news recently. > > ( > http://www.kalzumeus.com/2013/01/31/what-the-rails-security-issue-means-for-your-startup/) > > > ( > http://www.informationweek.com/security/vulnerabilities/critical-ruby-on-rails-issue-threatens-2/240145891) > > > > > I''ve been watching the PuppetLabs security > > (https://puppetlabs.com/security/) page, and the RedHat CVE DB > > (https://access.redhat.com/security/cve/) and haven''t seen anything > that > > appears to directly affect a typical Puppet3 installation on RHEL 6 > running > > the latest RHEL6-supported Ruby (1.8.7.352-7). > > > > Is it safe to say that my platform is not affected? > > > > Thanks! > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to puppet-users...@googlegroups.com <javascript:>. > > To post to this group, send email to puppet...@googlegroups.com<javascript:>. > > > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.