Hello list, I am using puppet 2.7.20 from rpmforge, with a build date of Wed 20 Mar 2013. EPEL has an even older version. Then I see this: http://puppetlabs.com/security/cve/cve-2013-3567 that was posted on the month of July 2013. Do I understand correctly, that my puppet-master is vulnerable to remote code execution by every node that has access to master's port tcp/8140? If so, then the only option to use puppet while being safe is to use puppetlabs repo, or build puppet myself? Thank you Ignas _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
puppet, repos, security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: puppet, repos, security
- From: "ignasr@xxxxxxxxxx" <ignasr@xxxxxxxxxx>
- Date: Thu, 31 Oct 2013 09:30:31 +0200
- Delivered-to: centos@xxxxxxxxxx
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
- Follow-Ups:
- Re: puppet, repos, security
- From: James Hogarth
- Re: puppet, repos, security
- Prev by Date: Re: How should I reinstall CentOS?
- Next by Date: Re: puppet, repos, security
- Previous by thread: yum fails in FIPS mode
- Next by thread: Re: puppet, repos, security
- Index(es):
 |