Facter 2.0.2 is a security fix release in the Facter 2 series. This
release addresses CVE-2014-3248. It has no other bug fixes or new
features. All users of Facter 2.0.1 and earlier are encouraged to
update to 2.0.2.
** CVE-2014-3248 **
Arbitrary Code Execution with Required Social Engineering
An attacker could convince an administrator to unknowingly create and
execute malicious code on platforms with Ruby 1.9.1 and earlier.
CVSSv2 Score: 5.2
Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
Affected Facter versions (Ruby 1.9.1 and earlier only):
2.x
1.6.x
Fixed Facter versions:
2.0.2
See the Release Notes here:
http://docs.puppetlabs.com/facter/2.0/release_notes.html#facter-202
For more information on this vulnerability, please visit
https://puppetlabs.com/security/cve/cve-2014-3248
To report issues with the release, file a ticket in the "FACT" project
on http://tickets.puppetlabs.com/ and set the "Affects version/s"
field to "2.0.2".
--
Moses Mendoza
Puppet Labs