Mandriva Linux Security Advisory : puppet (MDVSA-2013:222)
Medium Nessus Plugin ID 69491
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated puppet and puppet3 package fix security vulnerabilities :
It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files (CVE-2013-4761).
It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with the permissions that existed when they were built, possibly exposing them to a local attacker (CVE-2013-4956).
SolutionUpdate the affected puppet and / or puppet-server packages.