Novell Home

CVE-2012-3864

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-3864 at MITRE

Description

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.

NVD CVSS v2 Base Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entry: 770828

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
  • puppet >= 2.6.17-0.3.1
sles11-sp2.s390x
sled11-sp2.x86
sles11-sp2.ppc
sles11-sp2.x86-64
sles11-sp1.x86
sles11-sp1.s390x
sles11-sp1-vmware.x86-64
sled11-sp1.x86-64
sles11-sp1-vmware.x86
sles11-sp2.x86
sles11-sp1.ppc
sles11-sp2.ia64
sled11-sp2.x86-64
sles11-sp1.x86-64
sles11-sp1.ia64
sled11-sp1.x86
SAT Patch Nr: 6561
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP2
  • puppet >= 2.6.17-0.3.1
  • puppet-server >= 2.6.17-0.3.1
sles11-sp2.s390x
sled11-sp2.x86
sles11-sp2.ppc
sles11-sp2.x86-64
sles11-sp1.x86
sles11-sp1.s390x
sles11-sp1-vmware.x86-64
sled11-sp1.x86-64
sles11-sp1-vmware.x86
sles11-sp2.x86
sles11-sp1.ppc
sles11-sp2.ia64
sled11-sp2.x86-64
sles11-sp1.x86-64
sles11-sp1.ia64
sled11-sp1.x86
SAT Patch Nr: 6561

© 2014 Novell