thr3ads.net - Puppet users - [Puppet Users] Announce: Puppet Dashboard 1.2.22 Available [ security release ] [Feb 2013]

If this information is useful, please help other people find it:
Share via:

Moses Mendoza

2013-Feb-13 20:16 UTC

[Puppet Users] Announce: Puppet Dashboard 1.2.22 Available [ security release ]

This release of Puppet Dashboard addresses CVE-2013-0277 and
CVE-2013-0269. These are vulnerabilities that affect Ruby on Rails,
specifically around YAML serialization and JSON handling. They expose
vulnerable systems to SQL Injection, Denial of Service Attacks, and
arbitrary YAML deserialization.

Additionally, CVE-2013-0276 and CVE-2013-0263 affect vendored
components of Puppet Dashboard, but by default Puppet Dashboard does
not interact with them in a way that exposes it to these
vulnerabilities. Nevertheless, this release of Puppet Dashboard
addresses these CVEs as well.

Detailed information on the CVEs can be found at these URLs:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0263

Downloads
=======
RPM packages for are available at https://yum.puppetlabs.com/el or /fedora

Debian packages are available at https://apt.puppetlabs.com

Source can be downloaded from
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.22.tar.gz,
along with the accompanying signature file,
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.22.tar.gz.asc.

See the Verifying Puppet Download section at:
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet

Changelog
=======Nick Lewis (4):
      efab99d Upgrade to Rails 2.3.17
      d2ae98f Upgrade to rack 1.1.6
      90f2ca6 Upgrade json_pure to 1.5.5
      2128ed8 Fix failing test due to new HTML-escaping rules

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Possibly Parallel Threads

Search for more maybe matching threads

Puppet users - Feb 2013 - Announce: Puppet Dashboard 1.2.22 Available [ security release ]

[Puppet Users] Announce: Puppet Dashboard 1.2.22 Available [ security release ]

Possibly Parallel Threads

Wisdom of the Ancients