Puppet: Multiple vulnerabilities Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. puppet August 23, 2013 August 23, 2013: 1 456002 461656 473720 481186 remote 2.7.23 2.7.23

Puppet is a system configuration management tool written in Ruby.

Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.

There is no known workaround at this time.

All Puppet users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/puppet-2.7.23" CVE-2012-6120 CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275 CVE-2013-3567 CVE-2013-4761 CVE-2013-4956 ackle ackle