Debian Security Advisory

DLA-29-1 puppet -- LTS security update

Date Reported:
01 Aug 2014
Affected Packages:
puppet
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2012-6120.
More information:

It was discovered that the puppet package did not restrict the permissions and ownership of the /var/log/puppet directory, which may expose sensitive information.

For Debian 6 Squeeze, these issues have been fixed in puppet version 2.6.2-5+squeeze10