It was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the certdnsnames option was used. This could lead to man in the middle attacks. More details are available on the Puppet web site. For the oldstable distribution (lenny), this problem has been fixed in version 0.24.5-3+lenny2. For the stable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze3. For the unstable distribution (sid), this problem has been fixed in version 2.7.6-1. We recommend that you upgrade your puppet packages.
It was discovered that Puppet, a centralized configuration management
solution, misgenerated certificates if the certdnsnames
option was
used. This could lead to man in the middle attacks. More details are
available on the Puppet web site.
For the oldstable distribution (lenny), this problem has been fixed in version 0.24.5-3+lenny2.
For the stable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze3.
For the unstable distribution (sid), this problem has been fixed in version 2.7.6-1.
We recommend that you upgrade your puppet packages.