[ANN] Puppet agent 1.10.1 now available

13 views

Skip to first unread message

Jorie Tappa

unread,

May 11, 2017, 11:23:27 AM5/11/17

to puppe...@googlegroups.com

We have released Puppet agent 1.10.1.

This is a security release that includes bug fixes for several components. For a complete list of component updates, see the Puppet agent release notes: https://docs.puppet.com/puppet/4.10/release_notes_agent.html#puppet-agent-1101

In versions prior to Puppet agent 1.10.1, an authenticated agent could make a catalog request with facts encoded in YAML. The Puppet master did not properly validate and reject the request, resulting in the server loading arbitrary objects, which could lead to remote code execution. You should update to the latest version to resolve this security issue.

You can read about this in the CVE announcement: https://puppet.com/security/cve/cve-2017-2292

Or the Puppet release notes: https://docs.puppet.com/puppet/4.10/release_notes.html#puppet-4101

Jorie Tappa

Technical Writer @ Puppet

Jorie Tappa

unread,

May 11, 2017, 11:23:28 AM5/11/17

to puppe...@googlegroups.com

Reply all

Reply to author

Forward

0 new messages