CVE-2013-4969

Priority
Low
Description
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before
2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files
via a symlink attack on unspecified files.
References
Notes
mdeslaur> mitigated by Yama on default Ubuntu kernels
Assigned-to
mdeslaur
Package
Upstream:released (2.7.24,3.3.3)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (2.7.11-1ubuntu2.6)
Ubuntu 12.10 (Quantal Quetzal):released (2.7.18-1ubuntu1.4)
Ubuntu 13.04 (Raring Ringtail):released (2.7.18-4ubuntu1.3)
Ubuntu 13.10 (Saucy Salamander):released (3.2.4-2ubuntu2.2)
Ubuntu 14.04 LTS (Trusty Tahr):released (3.3.1-1ubuntu2)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-01-08 15:14:45 UTC (commit 7610)