Ubuntu Update For Puppet Vulnerabilities USN-917-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-917-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that Puppet did not drop supplementary groups when being run as a different user. A local user may be able to use this flaw to bypass security restrictions and gain access to restricted files. (CVE-2009-3564) It was discovered that Puppet did not correctly handle temporary files. A local user can exploit this flaw to bypass security restrictions and overwrite arbitrary files. (CVE-2010-0156)

Affected

puppet vulnerabilities on Ubuntu 9.10

Severity

Classification

CVE CVE-2009-3564, CVE-2010-0156

CVSS	Base Score: 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N

Related Vulnerabilities

Ubuntu Update for bind9 vulnerability USN-491-1
Ubuntu Update for audiofile vulnerability USN-912-1
Ubuntu Update for curl USN-2097-1
Ubuntu Update for dbus USN-1176-1
Ubuntu Update for dovecot USN-2213-1

Ubuntu Update for puppet vulnerabilities USN-917-1

Take action and discover your vulnerabilities