Moses Mendoza
2013-Jan-04 00:00 UTC
[Puppet Users] Puppet Enterprise hotfixes for ActiveRecord vulnerability [ CVE-2012-5664 ]
Good day,

A security vulnerability has been discovered in Ruby on Rails, specifically in all versions of ActiveRecord. It is assigned CVE-2012-5664. The vulnerability exposes ActiveRecord to arbitrary SQL Injection.

CVE details on the vulnerability can be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5664

Additional detailed information can be found in the following post:
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM

Puppet Labs has generated security hotfixes patching the vulnerability for the latest in the 1.x series and 2.x series of Puppet Enterprise. These can be downloaded from the Puppet Labs security page: http://puppetlabs.com/security/cve/cve-2012-5664/. These security fixes will also be included in the forthcoming patch releases of Puppet Enterprise, versions 1.2.6 (security only) and 2.7.1 (security and bug fix).

If you have any questions or comments, please get in touch with Puppet Labs Support. We always want your feedback!

Regards,
Moses Mendoza
Puppet Labs