Fedora 26: puppet Security Update
Summary
Puppet lets you centrally manage every important aspect of your system using a
cross-platform specification language that manages all the separate elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.
Contains fixes to ensure Puppet can start correctly and a security fix for
remote code execution tracked as
[CVE-2017-2295](https://bugzilla.redhat.com/show_bug.cgi?id=1452654). * Fix
remote code execution in Puppet master during fact uploads - Fedora#1452654 *
Fix SSL monkey patches error on startup - Fedora#1440710 , Fedora#1443673 * Fix
xmlrpc/client require error on startup - Fedora#1443673
[ 1 ] Bug #1452651 - CVE-2017-2295 puppet: Unsafe YAML deserialization
https://bugzilla.redhat.com/show_bug.cgi?id=1452651
su -c 'dnf upgrade puppet' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
FEDORA-2017-b9b66117bb 2017-06-09 18:48:36.540434 Product : Fedora 26 Version : 4.6.2 Release : 4.fc26 URL : https://www.puppet.com/ Summary : A network tool for managing many disparate systems Description : Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. Contains fixes to ensure Puppet can start correctly and a security fix for remote code execution tracked as [CVE-2017-2295](https://bugzilla.redhat.com/show_bug.cgi?id=1452654). * Fix remote code execution in Puppet master during fact uploads - Fedora#1452654 * Fix SSL monkey patches error on startup - Fedora#1440710 , Fedora#1443673 * Fix xmlrpc/client require error on startup - Fedora#1443673 [ 1 ] Bug #1452651 - CVE-2017-2295 puppet: Unsafe YAML deserialization https://bugzilla.redhat.com/show_bug.cgi?id=1452651 su -c 'dnf upgrade puppet' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Change Log
References