Debian DSA-2352-1 : puppet - programming error

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The remote Debian host is missing a security-related update.

Description :

It was discovered that Puppet, a centralized configuration management
solution, misgenerated certificates if the 'certdnsnames' option was
used. This could lead to man in the middle attacks. More details are
available on the Puppet website.

See also :

Solution :

Upgrade the puppet packages.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.24.5-3+lenny2.

For the stable distribution (squeeze), this problem has been fixed in
version 2.6.2-5+squeeze3.

Risk factor :

Low / CVSS Base Score : 2.6
CVSS Temporal Score : 2.3
Public Exploit Available : true

Family: Debian Local Security Checks

Nessus Plugin ID: 56923 ()

Bugtraq ID: 50356

CVE ID: CVE-2011-3872

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now