CVE-2017-2295

Name: CVE-2017-2295
Description: Versions of Puppet prior to 4.10.1 will deserialize data off the wire ...
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1012-1, DSA-3862-1
Debian Bugs: 863212

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| puppet (PTS) | stretch | 4.8.2-5 | fixed |
| | buster | 5.5.10-4 | fixed |
| | bullseye, sid | 5.5.19-1 | fixed |

The information below is based on the following data on fixed versions.

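| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| puppet | source | (unstable) | 4.8.2-5 | | | 863212 |
| puppet | source | jessie | 3.7.2-4+deb8u1 | | DSA-3862-1 | |
| puppet | source | wheezy | 2.7.23-1~deb7u4 | | DLA-1012-1 | |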

Notes

https://puppet.com/security/cve/cve-2017-2295
https://github.com/puppetlabs/puppet/commit/06d8c51367ca932b9da5d9b01958cfc0adf0f2ea
