Upstream information
Description
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Novell/SUSE information
Novell Bugzilla entry: 770833 SUSE Security Advisories:- SUSE-SU-2012:0983-1, published Mon, 13 Aug 2012 19:08:37 +0200 (CEST)
- openSUSE-SU-2012:0891-1, published Thu, 19 Jul 2012 17:08:32 +0200 (CEST)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 |
| sles11-sp2.s390x sled11-sp2.x86 sles11-sp2.ppc sles11-sp2.x86-64 sles11-sp1.x86 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sled11-sp1.x86-64 sles11-sp1-vmware.x86 sles11-sp2.x86 sles11-sp1.ppc sles11-sp2.ia64 sled11-sp2.x86-64 sles11-sp1.x86-64 sles11-sp1.ia64 sled11-sp1.x86 SAT Patch Nr: 6561 |
| SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP2 |
| sles11-sp2.s390x sled11-sp2.x86 sles11-sp2.ppc sles11-sp2.x86-64 sles11-sp1.x86 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sled11-sp1.x86-64 sles11-sp1-vmware.x86 sles11-sp2.x86 sles11-sp1.ppc sles11-sp2.ia64 sled11-sp2.x86-64 sles11-sp1.x86-64 sles11-sp1.ia64 sled11-sp1.x86 SAT Patch Nr: 6561 |