CVE-2013-3567

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-3567 at MITRE

Description

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 825878

SUSE Security Advisories:

List of released packages

| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 11 SP2 | puppet >= 2.6.18-0.6.1 | Builds; SAT Patch Nr: 8131 |
| SUSE Linux Enterprise Server 11 SP2; SUSE Linux Enterprise Server 11 SP2 for VMware | puppet >= 2.6.18-0.6.1; puppet-server >= 2.6.18-0.6.1 | Builds; SAT Patch Nr: 8131 |
| SUSE Linux Enterprise Desktop 11 SP3 | puppet >= 2.6.18-0.6.1 | Builds; SAT Patch Nr: 8132 |
| SUSE Linux Enterprise Server 11 SP3; SUSE Linux Enterprise Server 11 SP3 for VMware | puppet >= 2.6.18-0.6.1; puppet-server >= 2.6.18-0.6.1 | Builds; SAT Patch Nr: 8132 |
| SUSE Linux Enterprise Desktop 11 SP3 | puppet >= 2.6.18-0.8.1 | Builds; SAT Patch Nr: 8324 |
| SUSE Linux Enterprise Server 11 SP3; SUSE Linux Enterprise Server 11 SP3 for VMware | puppet >= 2.6.18-0.8.1; puppet-server >= 2.6.18-0.8.1 | Builds; SAT Patch Nr: 8324 |
| SUSE Linux Enterprise Desktop 11 SP2 | puppet >= 2.6.18-0.8.1 | Builds; SAT Patch Nr: 8323 |
| SUSE Linux Enterprise Server 11 SP2; SUSE Linux Enterprise Server 11 SP2 for VMware | puppet >= 2.6.18-0.8.1; puppet-server >= 2.6.18-0.8.1 | Builds; SAT Patch Nr: 8323 |

© 2014 Novell