SuSE 11.2 Security Update : puppet (SAT Patch Number 7526)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

puppet has been updated to 2.6.18 to fix multiple vulnerabilities and
bugs.

- (#19391) Find the catalog for the specified node name

- Don't assume master supports SSLv2

- Don't require openssl client to return 0 on failure

- Display SSL messages so we can match our regex

- Don't assume puppetbindir is defined

- Remove unnecessary rubygems require

- Run openssl from windows when trying to downgrade master

- Separate tests for same CVEs into separate files

- Fix order-dependent test failure in rest_authconfig_spec

- Always read request body when using Rack

- (#19392) (CVE-2013-1653) Fix acceptance test to catch
unvalidated model on 2.6

- (#19392) (CVE-2013-1653) Validate indirection model in
save handler

- Acceptance tests for CVEs 2013 (1640, 1652, 1653, 1654,
2274, 2275)

- (#19531) (CVE-2013-2275) Only allow report save from the
node matching the certname

- (#19391) Backport Request#remote? method

- (#8858) Explicitly set SSL peer verification mode.

- (#8858) Refactor tests to use real HTTP objects

- (#19392) (CVE-2013-1653) Validate instances passed to
indirector

- (#19391) (CVE-2013-1652) Disallow use_node compiler
parameter for remote requests

- (#19151) Reject SSLv2 SSL handshakes and ciphers

- (#14093) Restore access to the filename in the template

- (#14093) Remove unsafe attributes from TemplateWrapper

See also :

https://bugzilla.novell.com/show_bug.cgi?id=809839
http://support.novell.com/security/cve/CVE-2013-1640.html
http://support.novell.com/security/cve/CVE-2013-1652.html
http://support.novell.com/security/cve/CVE-2013-1653.html
http://support.novell.com/security/cve/CVE-2013-1654.html
http://support.novell.com/security/cve/CVE-2013-1655.html
http://support.novell.com/security/cve/CVE-2013-2274.html
http://support.novell.com/security/cve/CVE-2013-2275.html

Solution :

Apply SAT patch number 7526.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 65796

CVE ID: CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655, CVE-2013-2274, CVE-2013-2275
