SuSE 11.1 Security Update : puppet (SAT Patch Number 5421)
Medium Nessus Plugin ID 57129
The remote SuSE 11 host is missing one or more security updates.
The following security issues have been fixed:

- Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue Puppet agents could therefore use their certificates for MITM attacks. (CVE-2011-3872)

  Note: If you have set the 'certdnsnames' option in your master's puppet.conf file, merely installing the updated packages is not sufficient to fix this problem. You need to either pick a new DNS name for the master and reconfigure all agents to use it, or renew certificates on all agents. Please refer to the documentation in /usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5 for detailed instructions and scripts. Puppetlabs' site also provides more information:
  http://puppetlabs.com/security/cve/cve-2011-3872/faq/
  http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/

- A directory traversal vulnerability in Puppet allowed unauthenticated remote attackers to upload X.509 certificate signing requests to arbitrary locations. (CVE-2011-3848)

- Puppet was prone to several symlink attacks. (CVE-2011-3870 / CVE-2011-3869 / CVE-2011-3871)
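A quick check for the condition in the CVE-2011-3872 note, as an added example (not part of the advisory or of the Puppet Labs remediation scripts): `find_certdnsnames` reports whether 'certdnsnames' is active in a puppet.conf, and `certs_with_dns_altnames` lists signed certificates carrying DNS alternative names so they can be compared with the master's names. The function names, the sample configuration and the directory argument are assumptions; the second function needs the `openssl` CLI.

```shell
#!/bin/sh
# Added example; names and sample data are hypothetical.

# Constructed sample puppet.conf (not from a real host).
sample_conf() {
    cat <<'EOF'
[main]
    logdir = /var/log/puppet
[master]
    # certdnsnames = old.example.com
    certdnsnames = puppet:puppet.example.com
EOF
}

# Print "section<TAB>value" for each active (uncommented) certdnsnames
# setting. Reads the file given as $1, or stdin when no file is given.
# Returns 0 if at least one setting is found, 1 otherwise.
find_certdnsnames() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        /^[ \t]*\[.*\]/ {                        # section header, e.g. [master]
            gsub(/^[ \t]*\[|\].*$/, ""); section = $0; next
        }
        /^[ \t]*certdnsnames[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            printf "%s\t%s\n", section, $0; found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "${1:--}"
}

# Print "file<TAB>DNS:a, DNS:b" for every *.pem certificate in directory $1
# that has DNS subjectAltName entries. A certificate other than the master's
# own that lists the master's DNS names is one to renew.
certs_with_dns_altnames() {
    for pem in "$1"/*.pem; do
        [ -f "$pem" ] || continue
        sans=$(openssl x509 -in "$pem" -noout -text 2>/dev/null |
               awk '/X509v3 Subject Alternative Name/ { getline; sub(/^ +/, ""); print }')
        case $sans in *DNS:*) printf '%s\t%s\n' "$pem" "$sans" ;; esac
    done
    return 0
}

# Usage: sh check.sh <puppet.conf> <directory of signed certificates>
if [ "$#" -eq 2 ]; then
    find_certdnsnames "$1" && echo "certdnsnames is set: updating packages alone is not sufficient"
    certs_with_dns_altnames "$2"
fi
```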