Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
USN-1238-1 fixed vulnerabilities in Puppet. The upstream patch
introduced a regression in Ubuntu 11.04 when executing certain
commands. This update fixes the problem.
We apologize for the inconvenience.
It was discovered that Puppet incorrectly handled the non-default
'certdnsnames' option when generating certificates. If this setting
was added to puppet.conf, the puppet masterâ€™s DNS alt names were
added to the X.509 Subject Alternative Name field of all certificates,
not just the puppet masterâ€™s certificate. An attacker that has an
incorrect agent certificate in his possession can use it to
impersonate the puppet master in a man-in-the-middle attack.
Update the affected puppet-common package.
Risk factor :