Debian Security Advisory DSA 2511-1 (puppet)

Summary
The remote host is missing an update to puppet announced via advisory DSA 2511-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202511-1
Insight
Several security vulnerabilities have been found in Puppet, a centralized configuration management: CVE-2012-3864 Authenticated clients could read arbitrary files on the puppet master. CVE-2012-3865 Authenticated clients could delete arbitrary files on the puppet master. CVE-2012-3866 The report of the most recent Puppet run was stored with world- readable permissions, resulting in information disclosure. CVE-2012-3867 Agent hostnames were insufficiently validated. For the stable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze6. For the unstable distribution (sid), this problem has been fixed in version 2.7.18-1. We recommend that you upgrade your puppet packages.