Novell Home

CVE-2012-1054

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-1054 at MITRE

Description

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.

NVD CVSS v2 Base Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 747657

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
  • puppet >= 2.6.12-0.12.1
sles11-sp1.x86-64
sles11-sp1.ppc
sles11-sp1-vmware.x86-64
sles11-sp1-vmware.x86-64
sles11-sp1.s390x
sles11-sp1.ia64
sled11-sp1.x86-64
sles11-sp1-vmware.x86
sles11-sp1-vmware.x86
sled11-sp1.x86-64
sles11-sp2.ppc
sles11-sp2.x86
sles11-sp1.x86
sles11-sp2.x86-64
sled11-sp2.x86
sles11-sp1.x86-64
sles11-sp1.ia64
sles11-sp2.s390x
sled11-sp1.x86
sles11-sp1.ppc
sles11-sp2.ia64
sles11-sp1.x86
sled11-sp2.x86-64
sles11-sp1.s390x
sled11-sp1.x86
SAT Patch Nr: 5876
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP2
  • puppet >= 2.6.12-0.12.1
  • puppet-server >= 2.6.12-0.12.1
sles11-sp1.x86-64
sles11-sp1.ppc
sles11-sp1-vmware.x86-64
sles11-sp1-vmware.x86-64
sles11-sp1.s390x
sles11-sp1.ia64
sled11-sp1.x86-64
sles11-sp1-vmware.x86
sles11-sp1-vmware.x86
sled11-sp1.x86-64
sles11-sp2.ppc
sles11-sp2.x86
sles11-sp1.x86
sles11-sp2.x86-64
sled11-sp2.x86
sles11-sp1.x86-64
sles11-sp1.ia64
sles11-sp2.s390x
sled11-sp1.x86
sles11-sp1.ppc
sles11-sp2.ia64
sles11-sp1.x86
sled11-sp2.x86-64
sles11-sp1.s390x
sled11-sp1.x86
SAT Patch Nr: 5876

© 2014 Novell