Debian Security Advisory
DSA-2352-1 puppet -- programming error
- Date Reported:
- 22 Nov 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-3872.
- More information:
It was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the
certdnsnamesoption was used. This could lead to man in the middle attacks. More details are available on the Puppet web site.
For the oldstable distribution (lenny), this problem has been fixed in version 0.24.5-3+lenny2.
For the stable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze3.
For the unstable distribution (sid), this problem has been fixed in version 2.7.6-1.
We recommend that you upgrade your puppet packages.