ALAS-2013-213

Related Vulnerabilities: CVE-2013-3567  

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

Amazon Linux AMI Security Advisory: ALAS-2013-213
Advisory Release Date: 2013-07-12 15:57 Pacific
Advisory Updated Date: 2014-09-15 23:18 Pacific
Severity: Critical
References: CVE-2013-3567 

Issue Overview:

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
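
The object-instantiation behaviour described above, shown with Ruby's standard YAML library as an added example (not code from the advisory or from Puppet). The `AuditProbe` class and both sample bodies are constructed for illustration, and `safe_load` is shown as a general mitigation for untrusted YAML, not as a description of the actual Puppet patch.

```ruby
require 'yaml'

# Hypothetical stand-in for any class already loaded in the receiving process.
class AuditProbe
  attr_reader :note
end

# Constructed sample request bodies (not taken from the advisory).
PLAIN_BODY  = "---\nname: web01\nenvironment: production\n"
TAGGED_BODY = "--- !ruby/object:AuditProbe\nnote: set by the parser\n"

# Full object loading: type tags in the document choose which class to build.
# Newer Psych releases expose this as unsafe_load; older ones as load.
def load_with_object_tags(text)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text)
end

# Restricted loading for untrusted input: only plain data types come back,
# and any document that names a Ruby class is refused.
def load_untrusted(text)
  data = YAML.safe_load(text)
  raise ArgumentError, 'expected a mapping' unless data.is_a?(Hash)
  data
rescue Psych::DisallowedClass, Psych::BadAlias => e
  raise ArgumentError, "rejected YAML: #{e.message}"
end

# True when the restricted loader refuses the document.
def rejected?(text)
  load_untrusted(text)
  false
rescue ArgumentError
  true
end

if __FILE__ == $PROGRAM_NAME
  obj = load_with_object_tags(TAGGED_BODY)
  puts "object loader built: #{obj.class} (note=#{obj.note.inspect})"
  puts "safe loader on plain body: #{load_untrusted(PLAIN_BODY).inspect}"
  puts "safe loader rejects tagged body: #{rejected?(TAGGED_BODY)}"
end
```

The sender of the document, not the receiving code, decides which class the object loader builds; the restricted loader removes that choice.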


Affected Packages:

puppet


Issue Correction:
Run yum update puppet to update your system.

New Packages:
i686:
    puppet-debuginfo-2.7.22-1.0.amzn1.i686
    puppet-2.7.22-1.0.amzn1.i686
    puppet-server-2.7.22-1.0.amzn1.i686

src:
    puppet-2.7.22-1.0.amzn1.src

x86_64:
    puppet-2.7.22-1.0.amzn1.x86_64
    puppet-debuginfo-2.7.22-1.0.amzn1.x86_64
    puppet-server-2.7.22-1.0.amzn1.x86_64