[CentOS] puppet, repos, security

ignasr at vault13.lt

ignasr at vault13.lt
Thu Oct 31 07:30:31 UTC 2013


Hello list,

I am using puppet 2.7.20 from rpmforge, with a build date of Wed 20 Mar 
2013. EPEL has an even older version.
Then I see this: http://puppetlabs.com/security/cve/cve-2013-3567 that 
was posted on the month of July 2013.

Do I understand correctly, that my puppet-master is vulnerable to remote 
code execution by every node that has access to master's port tcp/8140?

If so, then the only option to use puppet while being safe is to use 
puppetlabs repo, or build puppet myself?

Thank you
Ignas



More information about the CentOS mailing list