Debian Security Advisory
DLA-29-1 puppet -- LTS security update
- Date Reported:
- 01 Aug 2014
- Affected Packages:
- puppet
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-6120.
- More information:
-
It was discovered that the puppet package did not restrict the permissions and ownership of the /var/log/puppet directory, which may expose sensitive information.
For Debian 6
Squeeze
, these issues have been fixed in puppet version 2.6.2-5+squeeze10