Bug 726372 - VUL-0: puppet AltNames Vulnerability
Status: RESOLVED FIXED
Duplicates: 728749
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Priority: P3 - Medium, Severity: Major
Assigned To: Security Team bot
Reported: 2011-10-25 12:53 UTC by Sebastian Krahmer
Modified: 2011-12-09 22:00 UTC (History)
Description Sebastian Krahmer 2011-10-25 12:53:33 UTC
There is a new vulnerability in puppet described here:

http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/


It is CVE-2011-3872
Comment 1 Vítězslav Čížek 2011-10-25 14:10:16 UTC
Version 2.7.6, which doesn't issue dangerous certificates, has been submitted to Factory (request id 89291).
Comment 3 Swamp Workflow Management 2011-10-27 08:04:45 UTC
The SWAMPID for this issue is 43902.
This issue was rated as moderate.
Please submit fixed packages until 2011-11-10.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 4 Vítězslav Čížek 2011-10-27 15:13:13 UTC
I've asked upstream for patches, as they released the new tarballs only.

(From Sebastian's link:
Distribution maintainers have been sent patches for all the versions of Puppet that are currently maintained in Fedora, EPEL, Debian, Ubuntu and Gentoo.)
Comment 5 Bernhard Wiedemann 2011-10-31 11:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (726372) was mentioned in
https://build.opensuse.org/request/show/89788 11.4 / puppet
Comment 6 Bernhard Wiedemann 2011-11-01 11:00:19 UTC
This is an autogenerated message for OBS integration:
This bug (726372) was mentioned in
https://build.opensuse.org/request/show/89861 11.4 / puppet
https://build.opensuse.org/request/show/89863 11.3 / puppet
Comment 12 Vítězslav Čížek 2011-11-01 13:56:46 UTC
Sure, thanks.
Comment 17 Dirk Mueller 2011-11-08 13:17:33 UTC
*** Bug 728749 has been marked as a duplicate of this bug. ***
Comment 20 Swamp Workflow Management 2011-11-08 23:00:22 UTC
bugbot adjusting priority
Comment 22 Swamp Workflow Management 2011-11-09 23:00:22 UTC
bugbot adjusting priority
Comment 24 Vítězslav Čížek 2011-11-11 17:19:51 UTC
Fixed. Closing.
Comment 25 Swamp Workflow Management 2011-11-28 10:48:20 UTC
Update released for: puppet, puppet-server
Products:
openSUSE 11.3 (i586, x86_64)
openSUSE 11.4 (i586, x86_64)
Comment 26 Swamp Workflow Management 2011-11-29 02:58:45 UTC
Update released for: puppet, puppet-server
Products:
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 27 Bernhard Wiedemann 2011-11-30 17:00:34 UTC
This is an autogenerated message for OBS integration:
This bug (726372) was mentioned in
https://build.opensuse.org/request/show/94589 Evergreen:11.2 / puppet
Comment 28 Bernhard Wiedemann 2011-12-09 22:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (726372) was mentioned in
https://build.opensuse.org/request/show/96214 Evergreen:11.1 / puppet
https://build.opensuse.org/request/show/96215 Evergreen:11.1 / puppet