Announce: Hiera 1.3.4 [ Security Release ]

Moses Mendoza

Jun 10, 2014, 2:17:05 PM
to puppet-...@googlegroups.com, puppet...@googlegroups.com, puppe...@googlegroups.com
Hiera 1.3.4 is a security fix release in the Hiera 1.3 series. This
release addresses CVE-2014-3248. It has no other bug fixes or new
features. All users of Hiera 1.3.3 and earlier are encouraged to
update to 1.3.4.

** CVE-2014-3248 **
Arbitrary Code Execution with Required Social Engineering
An attacker could convince an administrator to unknowingly create and
execute malicious code on platforms with Ruby 1.9.1 and earlier.
CVSSv2 Score: 5.9
Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:U/RC:C

Affected Hiera versions (Ruby 1.9.1 and earlier platforms only):
All

Fixed Hiera versions:
1.3.4

See the Release Notes here:
http://docs.puppetlabs.com/hiera/1/release_notes.html#hiera-134
To install Hiera, follow the installation guide:
http://docs.puppetlabs.com/hiera/1/installing.html

For more information on this vulnerability, please visit
https://puppetlabs.com/security/cve/cve-2014-3248

To report issues with the release, file a ticket in the "HI" project
on http://tickets.puppetlabs.com/ and set the "Affects version/s"
field to "1.3.4"

--
Moses Mendoza
Puppet Labs

Join us at PuppetConf 2014, September 20-24 in San Francisco
Register by July 31st to take advantage of the Early Bird discount —save $249!