Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.
Synopsis
Important: Satellite 68 release
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat Satellite 68 for RHEL 7Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring System (CVSS) base score,which giv ...
Debian Bug report logs -
#952925
CVE-2018-11751
Package:
src:puppet;
Maintainer for src:puppet is Puppet Package Maintainers <pkg-puppet-devel@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Sun, 1 Mar 2020 22:09:01 UTC
Severity: important
Tags: upstream
Found in version puppet/55 ...