Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.1.4.2013.0618.1 |
Category: | SuSE Local Security Checks |
Title: | SUSE: Security Advisory (SUSE-SU-2013:0618-1) |
Summary: | The remote host is missing an update for the 'puppet' package(s) announced via the SUSE-SU-2013:0618-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'puppet' package(s) announced via the SUSE-SU-2013:0618-1 advisory. Vulnerability Insight: puppet has been updated to fix 2.6.18 multiple vulnerabilities and bugs. * (#19391) Find the catalog for the specified node name * Don't assume master supports SSLv2 * Don't require openssl client to return 0 on failure * Display SSL messages so we can match our regex * Don't assume puppetbindir is defined * Remove unnecessary rubygems require * Run openssl from windows when trying to downgrade master * Separate tests for same CVEs into separate files * Fix order-dependent test failure in rest_authconfig_spec * Always read request body when using Rack * (#19392) (CVE-2013-1653) Fix acceptance test to catch unvalidated model on 2.6 * (#19392) (CVE-2013-1653) Validate indirection model in save handler * Acceptance tests for CVEs 2013 (1640, 1652, 1653, 1654, 2274, 2275) * (#19531) (CVE-2013-2275) Only allow report save from the node matching the certname * (#19391) Backport Request#remote? method * (#8858) Explicitly set SSL peer verification mode. * (#8858) Refactor tests to use real HTTP objects * (#19392) (CVE-2013-1653) Validate instances passed to indirector * (#19391) (CVE-2013-1652) Disallow use_node compiler parameter for remote requests * (#19151) Reject SSLv2 SSL handshakes and ciphers * (#14093) Restore access to the filename in the template * (#14093) Remove unsafe attributes from TemplateWrapper Security Issue references: * CVE-2013-2275 > * CVE-2013-2274 > * CVE-2013-1655 > * CVE-2013-1654 > * CVE-2013-1653 > * CVE-2013-1652 > * CVE-2013-1640 > Affected Software/OS: 'puppet' package(s) on SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Server 11 SP2. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-1640 Debian Security Information: DSA-2643 (Google Search) http://www.debian.org/security/2013/dsa-2643 RedHat Security Advisories: RHSA-2013:0710 http://rhn.redhat.com/errata/RHSA-2013-0710.html http://secunia.com/advisories/52596 SuSE Security Announcement: SUSE-SU-2013:0618 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html SuSE Security Announcement: openSUSE-SU-2013:0641 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://ubuntu.com/usn/usn-1759-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-1652 BugTraq ID: 58443 http://www.securityfocus.com/bid/58443 Common Vulnerability Exposure (CVE) ID: CVE-2013-1653 BugTraq ID: 58446 http://www.securityfocus.com/bid/58446 Common Vulnerability Exposure (CVE) ID: CVE-2013-1654 BugTraq ID: 64758 http://www.securityfocus.com/bid/64758 Common Vulnerability Exposure (CVE) ID: CVE-2013-1655 BugTraq ID: 58442 http://www.securityfocus.com/bid/58442 Common Vulnerability Exposure (CVE) ID: CVE-2013-2274 BugTraq ID: 58447 http://www.securityfocus.com/bid/58447 Common Vulnerability Exposure (CVE) ID: CVE-2013-2275 BugTraq ID: 58449 http://www.securityfocus.com/bid/58449 |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |