Displaying 1 result from an estimated 1 matches for "hermansen".
Did you mean:
termansen
2011 Sep 28
0
Announce: New Puppet releases due to CVE-2011-3848 [security]
...Puppet Labs has been coordinating with Debian, Ubuntu, EPEL and
OpenSuSE maintainers. We expect new packages (with a patch backported
in many cases) to be released as soon as possible.
Separate release announcements for Puppet 2.6.10 and 2.7.4 are pending.
# Explanation #
Kristian Erik Hermansen <kristian.hermansen@gmail.com> reported that
an unauthenticated directory traversal could drop any valid X.509
Certificate Signing Request at any location on disk, with the
privileges of the Puppet Master application. This was found in the
2.7 series of Puppet, but the underlying...