Candidate: CVE-2017-2292
PublicDate: 2017-06-30 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2292
 https://puppet.com/security/cve/cve-2017-2292
 https://github.com/puppetlabs/marionette-collective/commit/e0e741889f5adeb8f75387037106b0d28a9099b0
Description:
 Versions of MCollective prior to 2.10.4 deserialized YAML from agents
 without calling safe_load, allowing the potential for arbitrary code
 execution on the server. The fix for this is to call YAML.safe_load on
 input. This has been tested in all Puppet-supplied MCollective plugins, but
 there is a chance that third-party plugins could rely on this insecure
 behavior.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866711
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L [9.0 CRITICAL]

Patches_mcollective:
upstream_mcollective: released (2.12.0+dfsg-1)
precise/esm_mcollective: DNE
trusty_mcollective: ignored (reached end-of-life)
trusty/esm_mcollective: DNE (trusty was needed)
vivid/ubuntu-core_mcollective: DNE
xenial_mcollective: ignored (end of standard support, was needed)
yakkety_mcollective: ignored (reached end-of-life)
zesty_mcollective: ignored (reached end-of-life)
artful_mcollective: ignored (reached end-of-life)
bionic_mcollective: needed
cosmic_mcollective: not-affected (2.12.1+dfsg-1)
disco_mcollective: not-affected (2.12.1+dfsg-1)
eoan_mcollective: not-affected (2.12.1+dfsg-1)
focal_mcollective: not-affected (2.12.1+dfsg-1)
groovy_mcollective: not-affected (2.12.1+dfsg-1)
hirsute_mcollective: not-affected (2.12.1+dfsg-1)
impish_mcollective: not-affected (2.12.1+dfsg-1)
jammy_mcollective: not-affected (2.12.1+dfsg-1)
devel_mcollective: not-affected (2.12.1+dfsg-1)