Information on source package puppet

Available versions

Release | Version
jessie (security) | 3.7.2-4+deb8u1
stretch | 4.8.2-5
buster | 5.5.8-1
sid | 5.5.8-1

Open issues

Bug | jessie | stretch | buster | sid | Description
CVE-2017-10689 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | In previous versions of Puppet Agent it was possible to install a ...

Resolved issues

Bug | Description
TEMP-0000000-B4B71F | Fix file indirectory injection
CVE-2018-6516 | On Windows only, with a specifically crafted configuration file an ...
CVE-2018-6515 | Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to ...
CVE-2018-6513 | Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise ...
CVE-2018-6512 | The previous version of Puppet Enterprise 2018.1 is vulnerable to ...
CVE-2018-6511 | A cross-site scripting vulnerability in Puppet Enterprise Console of ...
CVE-2018-6510 | A cross-site scripting vulnerability in Puppet Enterprise Console of ...
CVE-2018-11749 | When users are configured to use startTLS with RBAC LDAP, at login ...
CVE-2017-2297 | Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not ...
CVE-2017-2296 | In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted ...
CVE-2017-2295 | Versions of Puppet prior to 4.10.1 will deserialize data off the wire ...
CVE-2017-2294 | Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to ...
CVE-2017-2293 | Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped ...
CVE-2017-10690 | In previous versions of Puppet Agent it was possible for the agent to ...
CVE-2016-9686 | The Puppet Communications Protocol (PCP) Broker incorrectly validates ...
CVE-2016-5716 | The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 ...
CVE-2016-5715 | Open redirect vulnerability in the Console in Puppet Enterprise 2015.x ...
CVE-2016-5714 | Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet ...
CVE-2016-5713 | Versions of Puppet Agent prior to 1.6.0 included a version of the ...
CVE-2016-2787 | The Puppet Communications Protocol in Puppet Enterprise 2015.3.x ...
CVE-2016-2786 | The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 ...
CVE-2016-2785 | Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before ...
CVE-2015-7331 | The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows ...
CVE-2015-7328 | Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and ...
CVE-2015-6501 | Open redirect vulnerability in the Console in Puppet Enterprise before ...
CVE-2015-4100 | Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated ...
CVE-2014-9355 | Puppet Enterprise before 3.7.1 allows remote authenticated users to ...
CVE-2014-3250 | The default vhost configuration file in Puppet before 3.6.2 does not ...
CVE-2014-3249 | Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain ...
CVE-2014-3248 | Untrusted search path vulnerability in Puppet Enterprise 2.8 before ...
CVE-2013-4971 | Puppet Enterprise before 3.2.0 does not properly restrict access to ...
CVE-2013-4969 | Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) ...
CVE-2013-4968 |
CVE-2013-4967 | Puppet Enterprise before 3.0.1 allows remote attackers to obtain the ...
CVE-2013-4966 | The master external node classification script in Puppet Enterprise ...
CVE-2013-4965 | Puppet Enterprise before 3.1.0 does not properly restrict the number ...
CVE-2013-4964 | Puppet Enterprise before 3.0.1 does not set the secure flag for the ...
CVE-2013-4963 | Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet ...
CVE-2013-4962 | The reset password page in Puppet Enterprise before 3.0.1 does not ...
CVE-2013-4961 | Puppet Enterprise before 3.0.1 includes version information for the ...
CVE-2013-4959 | Puppet Enterprise before 3.0.1 uses HTTP responses that contain ...
CVE-2013-4958 | Puppet Enterprise before 3.0.1 does not use a session timeout, which ...
CVE-2013-4956 | Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and ...
CVE-2013-4955 | Open redirect vulnerability in the login page in Puppet Enterprise ...
CVE-2013-4762 | Puppet Enterprise before 3.0.1 does not sufficiently invalidate a ...
CVE-2013-4761 | Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x ...
CVE-2013-4073 | The OpenSSL::SSL.verify_certificate_identity function in ...
CVE-2013-3567 | Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet ...
CVE-2013-2275 | The default configuration for puppet masters 0.25.0 and later in ...
CVE-2013-2274 | Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 ...
CVE-2013-1655 | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby ...
CVE-2013-1654 | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet ...
CVE-2013-1653 | Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ...
CVE-2013-1652 | Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ...
CVE-2013-1640 | The (1) template and (2) inline_template functions in the master ...
CVE-2013-1399 | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...
CVE-2013-1398 | The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does ...
CVE-2012-6120 | Red Hat OpenStack Essex and Folsom creates the /var/log/puppet ...
CVE-2012-5158 | Puppet Enterprise (PE) before 2.6.1 does not properly invalidate ...
CVE-2012-3867 | lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and ...
CVE-2012-3866 | lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet ...
CVE-2012-3865 | Directory traversal vulnerability in lib/puppet/reports/store.rb in ...
CVE-2012-3864 | Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise ...
CVE-2012-3408 | lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet ...
CVE-2012-1989 | telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) ...
CVE-2012-1988 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...
CVE-2012-1987 | Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x ...
CVE-2012-1986 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...
CVE-2012-1906 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...
CVE-2012-1054 | Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet ...
CVE-2012-1053 | The change_user method in the SUIDManager ...
CVE-2011-3872 | Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet ...
CVE-2011-3871 | Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when ...
CVE-2011-3870 | Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows ...
CVE-2011-3869 | Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows ...
CVE-2011-3848 | Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and ...
CVE-2011-0528 | Puppet 2.6.0 through 2.6.3 does not properly restrict access to node ...
CVE-2010-0156 | Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local ...
CVE-2009-3564 | puppetmasterd in puppet 0.24.6 does not reset supplementary groups ...

Security announcements

DSA / DLA | Description
DLA-1012-1 | puppet - security update
DSA-3862-1 | puppet - security update
DLA-29-1 | puppet - security update
DSA-2831-1 | puppet - insecure temporary files
DSA-2761-1 | puppet - several
DSA-2715-1 | puppet - code execution
DSA-2643-1 | puppet - several issues
DSA-2511-1 | puppet - several
DSA-2451-1 | puppet - several
DSA-2419-1 | puppet - several
DSA-2352-1 | puppet - programming error
DSA-2314-1 | puppet - several
