Matthaus Owens
2013-Jan-30 21:00 UTC
[Puppet Users] Puppet Enterprise hotfixes for Ruby on Rails JSON Parser vulnerability [ CVE-2013-0333 ]
A security vulnerability has been disclosed in Ruby on Rails, assigned CVE-2013-0333. The vulnerability in the JSON code for Ruby on Rails allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

CVE details on the vulnerability can be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333

Additional detailed information can be found in the following post:
https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo

Puppet Labs has generated security hotfixes patching the vulnerability for the latest in the 1.x series and 2.x series of Puppet Enterprise. These can be downloaded from the Puppet Labs security page: http://puppetlabs.com/security/cve/cve-2013-0333/

These security fixes will also be included in the forthcoming patch releases of Puppet Enterprise, versions 1.2.6 (security only) and 2.7.1 (security and bug fix).

If you have any questions or comments, please get in touch with Puppet Labs Support. We always want your feedback!

Regards,
Matthaus Owens
Puppet Labs