ALAS-2014-288


Amazon Linux AMI Security Advisory: ALAS-2014-288
Advisory Release Date: 2014-09-16 22:31 Pacific
Severity: Low
References: CVE-2013-4969 

Issue Overview:

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.


Affected Packages:

puppet


Issue Correction:
Run yum update puppet to update your system.

New Packages:
i686:
    puppet-2.7.25-1.2.amzn1.i686
    puppet-server-2.7.25-1.2.amzn1.i686
    puppet-debuginfo-2.7.25-1.2.amzn1.i686

src:
    puppet-2.7.25-1.2.amzn1.src

x86_64:
    puppet-debuginfo-2.7.25-1.2.amzn1.x86_64
    puppet-2.7.25-1.2.amzn1.x86_64
    puppet-server-2.7.25-1.2.amzn1.x86_64