SUSE Security Update - puppet (SUSE-SU-2013:0618-1)
SUSE Security Update: Security update for puppet
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0618-1
Rating:             important
References:         #809839
Cross-References:   CVE-2013-1640 CVE-2013-1652 CVE-2013-1653
                    CVE-2013-1654 CVE-2013-1655 CVE-2013-2274
                    CVE-2013-2275
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available. It
   includes one version update.

Description:


   puppet has been updated to version 2.6.18 to fix multiple
   vulnerabilities and bugs.

   * (#19391) Find the catalog for the specified node name
   * Don't assume master supports SSLv2
   * Don't require openssl client to return 0 on failure
   * Display SSL messages so we can match our regex
   * Don't assume puppetbindir is defined
   * Remove unnecessary rubygems require
   * Run openssl from windows when trying to downgrade master
   * Separate tests for same CVEs into separate files
   * Fix order-dependent test failure in rest_authconfig_spec
   * Always read request body when using Rack
   * (#19392) (CVE-2013-1653) Fix acceptance test to catch unvalidated model on 2.6
   * (#19392) (CVE-2013-1653) Validate indirection model in save handler
   * Acceptance tests for CVEs 2013 (1640, 1652, 1653, 1654, 2274, 2275)
   * (#19531) (CVE-2013-2275) Only allow report save from the node matching the certname
   * (#19391) Backport Request#remote? method
   * (#8858) Explicitly set SSL peer verification mode.
   * (#8858) Refactor tests to use real HTTP objects
   * (#19392) (CVE-2013-1653) Validate instances passed to indirector
   * (#19391) (CVE-2013-1652) Disallow use_node compiler parameter for remote requests
   * (#19151) Reject SSLv2 SSL handshakes and ciphers
   * (#14093) Restore access to the filename in the template
   * (#14093) Remove unsafe attributes from TemplateWrapper

   Security Issue references:

   * CVE-2013-2275 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2275>
   * CVE-2013-2274 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2274>
   * CVE-2013-1655 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655>
   * CVE-2013-1654 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1654>
   * CVE-2013-1653 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1653>
   * CVE-2013-1652 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1652>
   * CVE-2013-1640 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-puppet-7526

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-puppet-7526

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-puppet-7526

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2.6.18]:

      puppet-2.6.18-0.4.2
      puppet-server-2.6.18-0.4.2

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.18]:

      puppet-2.6.18-0.4.2
      puppet-server-2.6.18-0.4.2

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2.6.18]:

      puppet-2.6.18-0.4.2


References:

   http://support.novell.com/security/cve/CVE-2013-1640.html
   http://support.novell.com/security/cve/CVE-2013-1652.html
   http://support.novell.com/security/cve/CVE-2013-1653.html
   http://support.novell.com/security/cve/CVE-2013-1654.html
   http://support.novell.com/security/cve/CVE-2013-1655.html
   http://support.novell.com/security/cve/CVE-2013-2274.html
   http://support.novell.com/security/cve/CVE-2013-2275.html
   https://bugzilla.novell.com/809839
   http://download.novell.com/patch/finder/?keywords=bc7ffedd9ace9c95117aaf0acbf73ccc



