CVE-2013-4969

Publication date 26 December 2013

Last updated 24 July 2024


Ubuntu priority

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

Read the notes from the security team

Status

Package Ubuntu Release Status
puppet 13.10 saucy
Fixed 3.2.4-2ubuntu2.2
13.04 raring
Fixed 2.7.18-4ubuntu1.3
12.10 quantal
Fixed 2.7.18-1ubuntu1.4
12.04 LTS precise
Fixed 2.7.11-1ubuntu2.6
10.04 LTS lucid Ignored end of life

Notes


mdeslaur

mitigated by Yama on default Ubuntu kernels

References

Related Ubuntu Security Notices (USN)

Other references