UbuntuUpdates.org

Package "puppet"

Name: puppet

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • syntax highlighting for puppet manifests in emacs
  • Centralized configuration management - test suite
  • Centralised configuration management - master setup to run under mod passenger
  • syntax highlighting for puppet manifests in vim
Latest version: 3.4.3-1ubuntu1.3
Release: trusty (14.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "puppet" in Trusty

Repository Area Version
base universe 3.4.3-1
base main 3.4.3-1
security universe 3.4.3-1ubuntu1.3
security main 3.4.3-1ubuntu1.3
updates main 3.4.3-1ubuntu1.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.4.3-1ubuntu1.3 2018-02-12 20:07:07 UTC

  puppet (3.4.3-1ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: insecure permissions when unpacking tarballs
    - debian/patches/CVE-2017-10689-1.patch: reset permissions when
      unpacking tar in lib/puppet/module_tool/tar/mini.rb, fix test in
      spec/unit/module_tool/tar/mini_spec.rb.
    - debian/patches/CVE-2017-10689-2.patch: use Integer instead of Fixnum
      in lib/puppet/module_tool/tar/mini.rb.
    - CVE-2017-10689

 -- Marc Deslauriers <email address hidden> Fri, 09 Feb 2018 13:46:46 -0500
Source diff to previous version
CVE-2017-10689 In previous versions of Puppet Agent it was possible to install a ...

Version: 3.4.3-1ubuntu1.2 2017-06-05 18:06:50 UTC

  puppet (3.4.3-1ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: untrusted search path vulnerability
    - debian/patches/CVE-2014-3248.patch: remove current directory from
      load path in bin/puppet.
    - CVE-2014-3248
  * SECURITY UPDATE: code execution via unsafe fact formats
    - debian/patches/CVE-2017-2295.patch: reject all fact formats except
      PSON in lib/puppet/indirector/catalog/compiler.rb, added tests to
      spec/unit/indirector/catalog/compiler_spec.rb.
    - CVE-2017-2295

 -- Marc Deslauriers <email address hidden> Fri, 02 Jun 2017 10:29:36 -0400
Source diff to previous version
CVE-2014-3248 Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0
CVE-2017-2295 Unsafe YAML deseralization

Version: 3.4.3-1ubuntu1.1 2015-04-30 21:06:21 UTC

  puppet (3.4.3-1ubuntu1.1) trusty; urgency=medium

  * fix wrong process name match in logrotate script (LP: #1410383)
 -- Bartosz Cisek <email address hidden> Fri, 06 Feb 2015 14:48:16 +0100
Source diff to previous version
1410383 wrong process name match in logrotate script

Version: 3.4.3-1ubuntu1 2015-03-30 01:06:31 UTC

  puppet (3.4.3-1ubuntu1) trusty; urgency=medium

  * Wait until the puppet and puppetmaster daemons are actually stopped
    before returning (LP: #1315021)
 -- Felipe Reyes <email address hidden> Wed, 04 Feb 2015 17:11:00 -0300
1315021 [SRU] Service restart fails because process has not exited


About   -   Send Feedback to @ubuntu_updates