CVE-2013-1640

Priority
Description
The (1) template and (2) inline_template functions in the master server in
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and
Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote
authenticated users to execute arbitrary code via a crafted catalog
request.
Assigned-to
mdeslaur
Notes
mdeslaurUpstream no longer supports 0.25.x as found in lucid. The code
is substantially different, rendering a backport of this
security update difficult. Since puppet in Lucid is almost
end-of-life, we aren't planning on backporting the security fix
to it. For Lucid users, we recommend using puppet
2.7.1-1ubuntu3.8~ubuntu10.04.1 currently in lucid-backports.
Package
Upstream:released (2.6.18, 2.7.21, 3.1.1)
More Information

Updated: 2019-12-05 21:03:10 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)