thr3ads.net - Puppet users - [Puppet Users] Puppet 3.4.2 Windows package updated for CVE-2013-6393 [Feb 2014]

If this information is useful, please help other people find it:
Share via:

Matthaus Owens

2014-Feb-11 21:33 UTC

[Puppet Users] Puppet 3.4.2 Windows package updated for CVE-2013-6393

We have rebuilt our Windows package for Puppet 3.4.2 in response to
CVE-2013-6393[1]. The package includes ruby 1.9.3-p484 compiled against an
updated libyaml. It is available at
http://downloads.puppetlabs.com/windows/puppet-3.4.2-20140211.msi

CVE-2013-6393 is a vulnerability in the libyaml library that could lead to
a denial of service, and the possibility of arbitrary code execution.

[1] - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393

-- 
Matthaus Owens
Release Manager, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CACD%3DwAdhr83kf0kR_LGsYBNnLCwPd1SE7gZ00fVZm%2BJx6n3uGw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Puppet users - Feb 2014 - Puppet 3.4.2 Windows package updated for CVE-2013-6393

[Puppet Users] Puppet 3.4.2 Windows package updated for CVE-2013-6393