Amazon Linux 1 Security Advisory: ALAS-2014-288
Advisory Release Date: 2014-02-03 15:28 Pacific
Advisory Updated Date: 2014-09-16 22:31 Pacific
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
Affected Packages:
puppet
Issue Correction:
Run yum update puppet to update your system.
i686:
puppet-2.7.25-1.2.amzn1.i686
puppet-server-2.7.25-1.2.amzn1.i686
puppet-debuginfo-2.7.25-1.2.amzn1.i686
src:
puppet-2.7.25-1.2.amzn1.src
x86_64:
puppet-debuginfo-2.7.25-1.2.amzn1.x86_64
puppet-2.7.25-1.2.amzn1.x86_64
puppet-server-2.7.25-1.2.amzn1.x86_64