Puppet£¬ÊÇ»ùÓÚRubyµÄÒ»¸ö¹¤¾ß£¬¿ÉÒÔ¼¯ÖйÜÀíÿһ¸öÖØÒª·½Ã棬ʹÓõÄÊÇ¿çƽ̨µÄ¹æ·¶ÓïÑÔ£¬¹ÜÀíËùÓе¥¶ÀµÄÔªËØ£¬Í¨³£¾Û¼¯ÔÚ²»Í¬µÄÎļþ£¬ÈçÓû§£¬ CRON×÷Òµ£¬ºÍÖ÷»úÒ»ÆðµÄÀëÉ¢ÔªËØ£¬Èç°ü×°£¬·þÎñºÍÎļþ¡£
PuppetµÄ¼òµ¥³ÂÊö¹æ·¶ÓïÑÔµÄÄÜÁ¦ÌṩÁËÇ¿´óµÄclassingÖƶ¨ÁËÖ÷»úÖ®¼äµÄÏàËÆÖ®´¦£¬Í¬Ê±Ê¹ËûÃÇÄܹ»Ìṩ¾¡¿ÉÄܾßÌåµÄ±ØÒªµÄ£¬ËüÒÀÀµµÄÏȾöÌõ¼þºÍ¶ÔÏóÖ®¼äµÄ¹ØϵÇå³þ¶øÃ÷È·¡£
¼¯ÖÐʽϵͳ¹ÜÀí¹¤¾ßPuppet·¢²¼3.4.1/2.7.24¡£BugÐÞÕý°æ±¾¡£ÐÞÕýÒ»¸öCVE-2013-4969 (Unsafe use of temp files in file type)°²È«Â©¶´¡£2013-12-26 Éϸö°æ±¾ÊÇ2013-12-20µÄ3.4.0.ÆäËû²úÆ·Ïß3.2.4 3.1.1 3.0.2¡£
ÍêÈ«¸Ä½ø:
Puppet 3.4.1
Released December 26, 2013.
3.4.1 is a security fix release of the Puppet 3.4 series. It has no other bug fixes or new features.
Security Fixes
CVE-2013-4969 (Unsafe use of temp files in file type)
Previous code used temp files unsafely by looking for a name it could use in a directory, and then later writing to that file. This created a vulnerability in which an attacker could make the name a symlink to another file and thereby cause puppet agent to overwrite something it did not intend to.
ÏÂÔØ£ºhttp://downloads.puppetlabs.com/puppet/puppet-2.7.24.tar.gz
http://downloads.puppetlabs.com/puppet/puppet-3.4.1.tar.gz
À´×Ô:¿ªÔ´ÖйúÉçÇø
