Novell Home

CVE-2013-4761

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-4761 at MITRE

Description

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.

NVD CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entries: 835122, 836962, 880224

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP3
  • puppet >= 2.6.18-0.14.1
Builds
SAT Patch Nr: 9033
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • puppet >= 2.6.18-0.14.1
  • puppet-server >= 2.6.18-0.14.1
Builds
SAT Patch Nr: 9033
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • facter >= 1.5.2-1.22.3.1
SAT Patch Nr: 8302
SUSE Linux Enterprise Desktop 11 SP2
  • puppet >= 2.6.18-0.12.1
Builds
SAT Patch Nr: 8811
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • puppet >= 2.6.18-0.12.1
  • puppet-server >= 2.6.18-0.12.1
Builds
SAT Patch Nr: 8811
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • facter >= 1.5.2-1.22.3.1
SAT Patch Nr: 8301
SUSE Linux Enterprise Server 11 SP2 LTSS
  • puppet >= 2.6.18-0.14.1
  • puppet-server >= 2.6.18-0.14.1
Builds
SAT Patch Nr: 9034
SUSE Linux Enterprise Desktop 11 SP3
  • puppet >= 2.6.18-0.12.1
Builds
SAT Patch Nr: 8812
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • puppet >= 2.6.18-0.12.1
  • puppet-server >= 2.6.18-0.12.1
Builds
SAT Patch Nr: 8812

© 2014 Novell