CVE-2013-1655

Publication date 12 March 2013

Last updated 24 July 2024


Ubuntu priority

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."

Status

Package Ubuntu Release Status
puppet 12.10 quantal
Fixed 2.7.18-1ubuntu1.1
12.04 LTS precise
Fixed 2.7.11-1ubuntu2.2
11.10 oneiric
Fixed 2.7.1-1ubuntu3.8
10.04 LTS lucid
Not affected
8.04 LTS hardy Ignored end of life

References

Related Ubuntu Security Notices (USN)

Other references