Puppet 3.4.2 Windows package updated for CVE-2013-6393

17 views
Skip to first unread message

Matthaus Owens

unread,
Feb 11, 2014, 4:33:42 PM2/11/14
to Puppet Users, puppe...@googlegroups.com, puppet-...@googlegroups.com
We have rebuilt our Windows package for Puppet 3.4.2 in response to CVE-2013-6393[1]. The package includes ruby 1.9.3-p484 compiled against an updated libyaml. It is available at http://downloads.puppetlabs.com/windows/puppet-3.4.2-20140211.msi

CVE-2013-6393 is a vulnerability in the libyaml library that could lead to a denial of service, and the possibility of arbitrary code execution.


--
Matthaus Owens
Release Manager, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco
Reply all
Reply to author
Forward
0 new messages