_______________________________________________________________________
Package : puppet
Date : August 27, 2013
_______________________________________________________________________
Problem Description:
Updated puppet and puppet3 package fix security vulnerabilities:
It was discovered that Puppet incorrectly handled the resource_type
service. A local attacker on the master could use this issue to
execute arbitrary Ruby files (CVE-2013-4761).
It was discovered that Puppet incorrectly handled permissions on the
modules it installed. Modules could be installed with the permissions
that existed when they were built, possibly exposing them to a local
attacker (CVE-2013-4956).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956http://advisories.mageia.org/MGASA-2013-0259.html_______________________________________________________________________
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
https://www.v2ex.com/t/80537
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.