FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374826
Date:      2014-12-16
Time:      22:06:31Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2b2f6092-0694-11e3-9e8e-000c29f6ae42puppet -- multiple vulnerabilities

Puppet Labs reports:

By using the `resource_type` service, an attacker could cause puppet to load arbitrary Ruby files from the puppet master node's file system. While this behavior is not enabled by default, `auth.conf` settings could be modified to allow it. The exploit requires local file system access to the Puppet Master.

Puppet Module Tool (PMT) did not correctly control permissions of modules it installed, instead transferring permissions that existed when the module was built.


Discovery 2013-07-05
Entry 2013-08-16
puppet
ge 2.7 lt 2.7.23

ge 3.0 lt 3.2.4

CVE-2013-4761
CVE-2013-4956
http://puppetlabs.com/security/cve/cve-2013-4761/
http://puppetlabs.com/security/cve/cve-2013-4956/