Ubuntu Update For Puppet USN-1238-2 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1238-2

Solution

Please Install the Updated Packages.

Insight

USN-1238-1 fixed vulnerabilities in Puppet. The upstream patch introduced a regression in Ubuntu 11.04 when executing certain commands. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Puppet incorrectly handled the non-default &quot certdnsnames&quot option when generating certificates. If this setting was added to puppet.conf, the puppet master&#8217 s DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master&#8217 s certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.

Affected

puppet on Ubuntu 11.04

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-October/001466.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3872

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Ubuntu Update for puppet USN-1238-2

Take action and discover your vulnerabilities