CVE-2014-7170

NameCVE-2014-7170
DescriptionRace condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
puppetserver (PTS)bookworm7.9.5-2+deb12u1fixed
sid, trixie8.7.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
puppetserversource(unstable)(not affected)

Notes

- puppetserver <not-affected> (Upstream-specific packaging bug)
https://puppet.com/security/cve/cve-2014-7170
Is actually a packaging bug in upstream provided packages fixed in 0.2.0.

Search for package or bug name: Reporting problems