Bug 721139 - VUL-0: puppet directory traversal
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Priority: P3 - Medium, Severity: Normal
Assigned To: Vítězslav Čížek
Security Team bot
. maint:released:11.3:44045 maint:rel...
Reported: 2011-09-29 09:40 UTC by Ludwig Nussel
Modified: 2012-07-16 09:00 UTC
Found By: Other
Description Ludwig Nussel 2011-09-29 09:40:29 UTC
Your friendly security team received the following report.
Please respond ASAP.

Directory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload X.509 certificate signing requests to arbitrary locations (CVE-2011-3848).
Comment 5 Ludwig Nussel 2011-10-04 13:20:35 UTC
public meanwhile:
https://groups.google.com/forum/#!topic/puppet-users/5XzidA_rlAY
Comment 7 Bernhard Wiedemann 2011-10-04 16:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (721139) was mentioned in
https://build.opensuse.org/request/show/86554 11.3 / puppet
https://build.opensuse.org/request/show/86557 11.4 / puppet
Comment 8 Vítězslav Čížek 2011-10-04 16:01:13 UTC
I've submitted packages to openSUSE 11.3, 11.4 and SLE-11-SP1.
Comment 19 Swamp Workflow Management 2011-10-27 07:58:22 UTC
Update released for: puppet, puppet-server
Products:
openSUSE 11.3 (i586, x86_64)
openSUSE 11.4 (i586, x86_64)
Comment 20 Swamp Workflow Management 2011-10-27 08:04:45 UTC
The SWAMPID for this issue is 43902.
This issue was rated as moderate.
Please submit fixed packages until 2011-11-10.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 21 Bernhard Wiedemann 2011-10-28 08:00:20 UTC
This is an autogenerated message for OBS integration:
This bug (721139) was mentioned in
https://build.opensuse.org/request/show/89615 Evergreen:11.1 / puppet
Comment 23 Vítězslav Čížek 2011-11-03 15:01:56 UTC
I guess I can close this too,
as it's fixed in 11.3, 11.4 and SP2.
Comment 24 Swamp Workflow Management 2011-11-28 10:48:27 UTC
Update released for: puppet, puppet-server
Products:
openSUSE 11.3 (i586, x86_64)
openSUSE 11.4 (i586, x86_64)
Comment 25 Swamp Workflow Management 2011-11-29 02:58:51 UTC
Update released for: puppet, puppet-server
Products:
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 26 Bernhard Wiedemann 2011-11-30 17:00:18 UTC
This is an autogenerated message for OBS integration:
This bug (721139) was mentioned in
https://build.opensuse.org/request/show/94589 Evergreen:11.2 / puppet
Comment 27 Bernhard Wiedemann 2012-07-10 12:00:28 UTC
This is an autogenerated message for OBS integration:
This bug (721139) was mentioned in
https://build.opensuse.org/request/show/127500 Evergreen:11.2 / puppet
Comment 28 Bernhard Wiedemann 2012-07-16 09:00:40 UTC
This is an autogenerated message for OBS integration:
This bug (721139) was mentioned in
https://build.opensuse.org/request/show/127980 Evergreen:11.2 / puppet