puppet: security update for multiple issues
puppet was updated to fix various security issues:
CVEs fixed:
- bnc#770828 - CVE-2012-3864: puppet: authenticated clients can read arbitrary files via a flaw in puppet master
- bnc#770829 - CVE-2012-3865: puppet: arbitrary file delete / Denial of Service on Puppet Master by authenticated clients
- bnc#770827 - CVE-2012-3866: puppet: last_run_report.yaml left world-readable
- bnc#770833 - CVE-2012-3867: puppet: insufficient input validation for agent certificate names
- using the new stable version, 2.6.17, which only receives security fixes.
- Removed runlevel 4.
-
Submitted by
Wojtek Dziewięcki (vdziewiecki)
Fixed bugs
bnc#770828
CVE-2012-3864: puppet: authenticated clients can read arbitrary files via a flaw in puppet master
bnc#770829
CVE-2012-3865: puppet: arbitrary file delete / Denial of Service on Puppet Master by authenticated clients
bnc#770833
CVE-2012-3867: puppet: insufficient input validation for agent certificate names
bnc#770827
CVE-2012-3866: puppet: last_run_report.yaml left world-readable
