Matthaus Owens
2013-Jun-18 17:07 UTC
[Puppet Users] Announce: Puppet 2.7.22 Available [ Security Release ]
Puppet 2.7.22 is now available. 2.7.22 addresses a security
vulnerability discovered in the 2.7.x series of Puppet. This
vulnerability has been assigned Mitre CVE number CVE-2013-3567.
All users of Puppet 2.7.21 and earlier who cannot upgrade to the
current version of Puppet, 3.2.2, are strongly encouraged to upgrade
to 2.7.22.
For more information on this vulnerability, please visit
http://puppetlabs.com/security/cve/cve-2013-3567.
Thanks to Ben Murphy, for discovering and responsibly disclosing the
vulnerability.
Downloads are available at:
* Source https://downloads.puppetlabs.com/puppet/puppet-2.7.22.tar.gz
Windows package is available at
https://downloads.puppetlabs.com/windows/puppet-2.7.22.msi
RPMs are available at https://yum.puppetlabs.com/el or /fedora
Debs are available at https://apt.puppetlabs.com
Mac package is available at
https://downloads.puppetlabs.com/mac/puppet-2.7.22.dmg
Gems are available via rubygems at
https://rubygems.org/downloads/puppet-2.7.22.gem or by using `gem
install puppet --version=2.7.22`
See the Verifying Puppet Download section at:
https://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet
Please report feedback via the Puppet Labs Redmine site, using an
affected puppet version of 2.7.22:
http://projects.puppetlabs.com/projects/puppet/
## Changelog ##
Justin Stoller (1):
fea3cb6 Improve CVE 2013 1654 SSLv2 Downgrade Master test
Matthaus Owens (3):
96be982 (packaging) Update build_defaults to remove EOL
platforms (natty, f15, f16).
7f40007 (packaging) Update debian build-depends to be ruby1.8 so
that the shebang is correct after install and ruby1.9.1 isn''t used on
newer debians.
e160e99 (packaging) Update CHANGELOG, PUPPETVERSION for 2.7.22
Moses Mendoza (1):
ba8c021 [packaging] Update mocks for rpmbuilder mock format
Patrick Carlisle (7):
788fdaf Don''t keep Gemfile.lock checked in.
535da9b Add acceptance test for report processing
2333fa4 Add vendoring system into puppet
ee741eb Fix installation of vendored libs
e8c30cb Vendor safe_yaml 0.9.2
5926d1a (#20584) Only deserialize expected objects from YAML
fd758ad Remove acceptance test for yaml parsing that was no longer valid
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Seemingly Similar Threads
- Announce: Puppet 3.2.4 Available [ Security Release ]
- is there any way to see what are the resources exported by a node?
- Puppet ssl errors " SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"
- Deployed custom facts with module do not show up
- puppet-3.2.2 runs fine - but doesn't work. 2.7.22 works fine.
Wisdom of the Ancients
