Amazon Linux 1 Security Advisory: ALAS-2013-213
Advisory Release Date: 2013-07-12 15:57 Pacific
Advisory Updated Date: 2014-09-15 23:18 Pacific
Severity: Critical
Issue Overview:
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
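The class of bug described above, shown as an added example in Ruby (not Puppet's code and not the upstream patch): an unrestricted YAML load lets the document choose which class is instantiated, while a restricted load rejects the tag. The class AuditMarker, the helper names and the sample body are hypothetical and constructed for illustration.

```ruby
require 'yaml'

# Hypothetical stand-in for any class already loaded in the receiving process.
class AuditMarker
  attr_reader :note

  def initialize
    @note = 'built by application code'
  end
end

# Constructed sample of an untrusted request body (not taken from the advisory).
UNTRUSTED_BODY = <<~YAML
  --- !ruby/object:AuditMarker
  note: chosen by the sender
YAML

# Unrestricted load: the tag in the document selects the class, and the
# parser sets instance variables directly without calling initialize.
# Newer Psych versions name this unsafe_load; older ones expose it as load.
def load_unrestricted(body)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(body) : YAML.load(body)
end

# Restricted load: only plain scalars, arrays and hashes are accepted.
# A document that names a Ruby class is refused; the error is returned
# here so the caller can log it and reject the request.
def load_restricted(body)
  YAML.safe_load(body)
rescue Psych::DisallowedClass => e
  e
end

if __FILE__ == $PROGRAM_NAME
  obj = load_unrestricted(UNTRUSTED_BODY)
  puts "unrestricted: #{obj.class} with note=#{obj.note.inspect}"

  result = load_restricted(UNTRUSTED_BODY)
  puts "restricted:   #{result.class}: #{result.message}"
end
```

Input that crosses a trust boundary should only ever reach the restricted form, and a rejected document is worth logging as a possible probe.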
Affected Packages:
puppet
Issue Correction:
Run yum update puppet to update your system.
New Packages:
i686:
puppet-debuginfo-2.7.22-1.0.amzn1.i686
puppet-2.7.22-1.0.amzn1.i686
puppet-server-2.7.22-1.0.amzn1.i686
src:
puppet-2.7.22-1.0.amzn1.src
x86_64:
puppet-2.7.22-1.0.amzn1.x86_64
puppet-debuginfo-2.7.22-1.0.amzn1.x86_64
puppet-server-2.7.22-1.0.amzn1.x86_64