SUSE-RU-2015:0696-1 - Vulnerability-Lookup

SUSE-RU-2015:0696-1

Vulnerability from csaf_suse - Published: 2014-06-30 15:48 - Updated: 2014-06-30 15:48

Summary

Security update for puppet

Severity

Moderate

Notes

Title of the patch: Security update for puppet

Description of the patch: Puppet was updated to fix the following security issues: * Unsafe use of temporary files. (CVE-2013-4969) * Arbitrary code execution with required social engineering. (CVE-2014-3248, CVE-2014-3250) Security Issues references: * CVE-2014-3248 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248> * CVE-2013-4969 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969> * CVE-2014-3250 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250>

Patchnames: sledsp3-puppet,slessp3-puppet

Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

CVE-2013-3567

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2013-4761

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2013-4969

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2014-3248

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2014-3250

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/s…	self
	https://www.suse.com/support/update/announcement/…	self
	https://lists.suse.com/pipermail/sle-updates/2015…	self
	https://bugzilla.suse.com/825878	self
	https://bugzilla.suse.com/835122	self
	https://bugzilla.suse.com/835848	self
	https://bugzilla.suse.com/835891	self
	https://bugzilla.suse.com/853982	self
	https://bugzilla.suse.com/856843	self
	https://bugzilla.suse.com/864082	self
	https://bugzilla.suse.com/879913	self
	https://bugzilla.suse.com/913078	self
	https://www.suse.com/security/cve/CVE-2013-3567/	self
	https://www.suse.com/security/cve/CVE-2013-4761/	self
	https://www.suse.com/security/cve/CVE-2013-4969/	self
	https://www.suse.com/security/cve/CVE-2014-3248/	self
	https://www.suse.com/security/cve/CVE-2014-3250/	self
	https://www.suse.com/security/cve/CVE-2013-3567	external
	https://bugzilla.suse.com/1040151	external
	https://bugzilla.suse.com/825878	external
	https://bugzilla.suse.com/880224	external
	https://www.suse.com/security/cve/CVE-2013-4761	external
	https://bugzilla.suse.com/835122	external
	https://bugzilla.suse.com/836962	external
	https://bugzilla.suse.com/880224	external
	https://www.suse.com/security/cve/CVE-2013-4969	external
	https://bugzilla.suse.com/856843	external
	https://www.suse.com/security/cve/CVE-2014-3248	external
	https://bugzilla.suse.com/879913	external
	https://www.suse.com/security/cve/CVE-2014-3250	external
	https://bugzilla.suse.com/879913	external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for puppet",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nPuppet was updated to fix the following security issues:\n\n    * Unsafe use of temporary files. (CVE-2013-4969)\n    * Arbitrary code execution with required social engineering.\n      (CVE-2014-3248, CVE-2014-3250)\n\nSecurity Issues references:\n\n    * CVE-2014-3248\n      \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248\u003e\n    * CVE-2013-4969\n      \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969\u003e\n    * CVE-2014-3250\n      \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250\u003e\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sledsp3-puppet,slessp3-puppet",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2015_0696-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-RU-2015:0696-1",
        "url": "https://www.suse.com/support/update/announcement//suse-ru-20150696-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-RU-2015:0696-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2015-April/002875.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 825878",
        "url": "https://bugzilla.suse.com/825878"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 835122",
        "url": "https://bugzilla.suse.com/835122"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 835848",
        "url": "https://bugzilla.suse.com/835848"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 835891",
        "url": "https://bugzilla.suse.com/835891"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 853982",
        "url": "https://bugzilla.suse.com/853982"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 856843",
        "url": "https://bugzilla.suse.com/856843"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 864082",
        "url": "https://bugzilla.suse.com/864082"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 879913",
        "url": "https://bugzilla.suse.com/879913"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 913078",
        "url": "https://bugzilla.suse.com/913078"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-3567 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-3567/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-4761 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-4761/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-4969 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-4969/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-3248 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-3248/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-3250 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-3250/"
      }
    ],
    "title": "Security update for puppet",
    "tracking": {
      "current_release_date": "2014-06-30T15:48:55Z",
      "generator": {
        "date": "2014-06-30T15:48:55Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-RU-2015:0696-1",
      "initial_release_date": "2014-06-30T15:48:55Z",
      "revision_history": [
        {
          "date": "2014-06-30T15:48:55Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "puppet-2.6.18-0.16.1.i586",
                "product": {
                  "name": "puppet-2.6.18-0.16.1.i586",
                  "product_id": "puppet-2.6.18-0.16.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "puppet-server-2.6.18-0.16.1.i586",
                "product": {
                  "name": "puppet-server-2.6.18-0.16.1.i586",
                  "product_id": "puppet-server-2.6.18-0.16.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "puppet-2.6.18-0.16.1.ia64",
                "product": {
                  "name": "puppet-2.6.18-0.16.1.ia64",
                  "product_id": "puppet-2.6.18-0.16.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "puppet-server-2.6.18-0.16.1.ia64",
                "product": {
                  "name": "puppet-server-2.6.18-0.16.1.ia64",
                  "product_id": "puppet-server-2.6.18-0.16.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "puppet-2.6.18-0.16.1.ppc64",
                "product": {
                  "name": "puppet-2.6.18-0.16.1.ppc64",
                  "product_id": "puppet-2.6.18-0.16.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "puppet-server-2.6.18-0.16.1.ppc64",
                "product": {
                  "name": "puppet-server-2.6.18-0.16.1.ppc64",
                  "product_id": "puppet-server-2.6.18-0.16.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "puppet-2.6.18-0.16.1.s390x",
                "product": {
                  "name": "puppet-2.6.18-0.16.1.s390x",
                  "product_id": "puppet-2.6.18-0.16.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "puppet-server-2.6.18-0.16.1.s390x",
                "product": {
                  "name": "puppet-server-2.6.18-0.16.1.s390x",
                  "product_id": "puppet-server-2.6.18-0.16.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "puppet-2.6.18-0.16.1.x86_64",
                "product": {
                  "name": "puppet-2.6.18-0.16.1.x86_64",
                  "product_id": "puppet-2.6.18-0.16.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "puppet-server-2.6.18-0.16.1.x86_64",
                "product": {
                  "name": "puppet-server-2.6.18-0.16.1.x86_64",
                  "product_id": "puppet-server-2.6.18-0.16.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 11 SP3",
                  "product_id": "SUSE Linux Enterprise Desktop 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sled:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP3",
                  "product_id": "SUSE Linux Enterprise Server 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
                  "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:11:sp3:teradata"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:11:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.i586"
        },
        "product_reference": "puppet-2.6.18-0.16.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.x86_64"
        },
        "product_reference": "puppet-2.6.18-0.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.i586 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.i586"
        },
        "product_reference": "puppet-2.6.18-0.16.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ia64"
        },
        "product_reference": "puppet-2.6.18-0.16.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ppc64"
        },
        "product_reference": "puppet-2.6.18-0.16.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.s390x as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.s390x"
        },
        "product_reference": "puppet-2.6.18-0.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.x86_64"
        },
        "product_reference": "puppet-2.6.18-0.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.i586 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.i586"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ia64"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ppc64"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.s390x as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.s390x"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.i586"
        },
        "product_reference": "puppet-2.6.18-0.16.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ia64"
        },
        "product_reference": "puppet-2.6.18-0.16.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ppc64"
        },
        "product_reference": "puppet-2.6.18-0.16.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.s390x"
        },
        "product_reference": "puppet-2.6.18-0.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.x86_64"
        },
        "product_reference": "puppet-2.6.18-0.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.i586"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ia64"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ppc64"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.s390x"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.x86_64"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.i586"
        },
        "product_reference": "puppet-2.6.18-0.16.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ia64"
        },
        "product_reference": "puppet-2.6.18-0.16.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ppc64"
        },
        "product_reference": "puppet-2.6.18-0.16.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.s390x"
        },
        "product_reference": "puppet-2.6.18-0.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-2.6.18-0.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.x86_64"
        },
        "product_reference": "puppet-2.6.18-0.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.i586"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ia64"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ppc64"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.s390x"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "puppet-server-2.6.18-0.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
        },
        "product_reference": "puppet-server-2.6.18-0.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-3567",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-3567"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-3567",
          "url": "https://www.suse.com/security/cve/CVE-2013-3567"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040151 for CVE-2013-3567",
          "url": "https://bugzilla.suse.com/1040151"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 825878 for CVE-2013-3567",
          "url": "https://bugzilla.suse.com/825878"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 880224 for CVE-2013-3567",
          "url": "https://bugzilla.suse.com/880224"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2014-06-30T15:48:55Z",
          "details": "important"
        }
      ],
      "title": "CVE-2013-3567"
    },
    {
      "cve": "CVE-2013-4761",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-4761"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-4761",
          "url": "https://www.suse.com/security/cve/CVE-2013-4761"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 835122 for CVE-2013-4761",
          "url": "https://bugzilla.suse.com/835122"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 836962 for CVE-2013-4761",
          "url": "https://bugzilla.suse.com/836962"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 880224 for CVE-2013-4761",
          "url": "https://bugzilla.suse.com/880224"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2014-06-30T15:48:55Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2013-4761"
    },
    {
      "cve": "CVE-2013-4969",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-4969"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-4969",
          "url": "https://www.suse.com/security/cve/CVE-2013-4969"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 856843 for CVE-2013-4969",
          "url": "https://bugzilla.suse.com/856843"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2014-06-30T15:48:55Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2013-4969"
    },
    {
      "cve": "CVE-2014-3248",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-3248"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-3248",
          "url": "https://www.suse.com/security/cve/CVE-2014-3248"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 879913 for CVE-2014-3248",
          "url": "https://bugzilla.suse.com/879913"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2014-06-30T15:48:55Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-3248"
    },
    {
      "cve": "CVE-2014-3250",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-3250"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-3250",
          "url": "https://www.suse.com/security/cve/CVE-2014-3250"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 879913 for CVE-2014-3250",
          "url": "https://bugzilla.suse.com/879913"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.16.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2014-06-30T15:48:55Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-3250"
    }
  ]
}

CVE-2013-3567 (GCVE-0-2013-3567)

Vulnerability from cvelistv5 – Published: 2013-08-19 23:00 – Updated: 2024-08-06 16:14

Summary

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/54429	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.debian.org/security/2013/dsa-2715	vendor-advisoryx_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-1886-1	vendor-advisoryx_refsource_UBUNTU
	https://puppetlabs.com/security/cve/cve-2013-3567/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-1284.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-1283.html	vendor-advisoryx_refsource_REDHAT

Date Public ?

2013-06-18 00:00

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:14:56.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "54429",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54429"
          },
          {
            "name": "SUSE-SU-2013:1304",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2013:1370",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html"
          },
          {
            "name": "DSA-2715",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2715"
          },
          {
            "name": "USN-1886-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1886-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppetlabs.com/security/cve/cve-2013-3567/"
          },
          {
            "name": "RHSA-2013:1284",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html"
          },
          {
            "name": "RHSA-2013:1283",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-06-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-08-30T09:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "54429",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54429"
        },
        {
          "name": "SUSE-SU-2013:1304",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2013:1370",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html"
        },
        {
          "name": "DSA-2715",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2715"
        },
        {
          "name": "USN-1886-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1886-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppetlabs.com/security/cve/cve-2013-3567/"
        },
        {
          "name": "RHSA-2013:1284",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html"
        },
        {
          "name": "RHSA-2013:1283",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3567",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "54429",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54429"
            },
            {
              "name": "SUSE-SU-2013:1304",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2013:1370",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html"
            },
            {
              "name": "DSA-2715",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2715"
            },
            {
              "name": "USN-1886-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1886-1"
            },
            {
              "name": "https://puppetlabs.com/security/cve/cve-2013-3567/",
              "refsource": "CONFIRM",
              "url": "https://puppetlabs.com/security/cve/cve-2013-3567/"
            },
            {
              "name": "RHSA-2013:1284",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html"
            },
            {
              "name": "RHSA-2013:1283",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-3567",
    "datePublished": "2013-08-19T23:00:00.000Z",
    "dateReserved": "2013-05-21T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:14:56.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3248 (GCVE-0-2014-3248)

Vulnerability from cvelistv5 – Published: 2014-11-16 17:00 – Updated: 2024-08-06 10:35

Summary

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://puppetlabs.com/security/cve/cve-2014-3248	x_refsource_CONFIRM
	http://secunia.com/advisories/59197	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/59200	third-party-advisoryx_refsource_SECUNIA
	http://rowediness.com/2014/06/13/cve-2014-3248-a-…	x_refsource_MISC
	http://www.securityfocus.com/bid/68035	vdb-entryx_refsource_BID

Date Public ?

2014-06-10 00:00

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:57.167Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://puppetlabs.com/security/cve/cve-2014-3248"
          },
          {
            "name": "59197",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59197"
          },
          {
            "name": "59200",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59200"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
          },
          {
            "name": "68035",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68035"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-16T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://puppetlabs.com/security/cve/cve-2014-3248"
        },
        {
          "name": "59197",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59197"
        },
        {
          "name": "59200",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59200"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
        },
        {
          "name": "68035",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68035"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3248",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://puppetlabs.com/security/cve/cve-2014-3248",
              "refsource": "CONFIRM",
              "url": "http://puppetlabs.com/security/cve/cve-2014-3248"
            },
            {
              "name": "59197",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59197"
            },
            {
              "name": "59200",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59200"
            },
            {
              "name": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
              "refsource": "MISC",
              "url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
            },
            {
              "name": "68035",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68035"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3248",
    "datePublished": "2014-11-16T17:00:00.000Z",
    "dateReserved": "2014-05-07T00:00:00.000Z",
    "dateUpdated": "2024-08-06T10:35:57.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4761 (GCVE-0-2013-4761)

Vulnerability from cvelistv5 – Published: 2013-08-20 22:00 – Updated: 2024-08-06 16:52

Summary

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.debian.org/security/2013/dsa-2761	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://puppetlabs.com/security/cve/cve-2013-4761/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-1284.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-1283.html	vendor-advisoryx_refsource_REDHAT

Date Public ?

2013-08-15 00:00

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:52:26.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2761",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2761"
          },
          {
            "name": "SUSE-SU-2014:0155",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://puppetlabs.com/security/cve/cve-2013-4761/"
          },
          {
            "name": "RHSA-2013:1284",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html"
          },
          {
            "name": "RHSA-2013:1283",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-26T13:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-2761",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2761"
        },
        {
          "name": "SUSE-SU-2014:0155",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://puppetlabs.com/security/cve/cve-2013-4761/"
        },
        {
          "name": "RHSA-2013:1284",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html"
        },
        {
          "name": "RHSA-2013:1283",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4761",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2761",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2761"
            },
            {
              "name": "SUSE-SU-2014:0155",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html"
            },
            {
              "name": "http://puppetlabs.com/security/cve/cve-2013-4761/",
              "refsource": "CONFIRM",
              "url": "http://puppetlabs.com/security/cve/cve-2013-4761/"
            },
            {
              "name": "RHSA-2013:1284",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html"
            },
            {
              "name": "RHSA-2013:1283",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4761",
    "datePublished": "2013-08-20T22:00:00.000Z",
    "dateReserved": "2013-07-05T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:52:26.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4969 (GCVE-0-2013-4969)

Vulnerability from cvelistv5 – Published: 2014-01-07 18:00 – Updated: 2024-08-06 16:59

Summary

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.debian.org/security/2013/dsa-2831	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/56254	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/56253	third-party-advisoryx_refsource_SECUNIA
	http://puppetlabs.com/security/cve/cve-2013-4969	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2077-1	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2013-12-26 00:00

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:59:41.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2831",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2831"
          },
          {
            "name": "56254",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56254"
          },
          {
            "name": "56253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56253"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://puppetlabs.com/security/cve/cve-2013-4969"
          },
          {
            "name": "USN-2077-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2077-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-16T18:57:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-2831",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2831"
        },
        {
          "name": "56254",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56254"
        },
        {
          "name": "56253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56253"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://puppetlabs.com/security/cve/cve-2013-4969"
        },
        {
          "name": "USN-2077-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2077-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4969",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2831",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2831"
            },
            {
              "name": "56254",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56254"
            },
            {
              "name": "56253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56253"
            },
            {
              "name": "http://puppetlabs.com/security/cve/cve-2013-4969",
              "refsource": "CONFIRM",
              "url": "http://puppetlabs.com/security/cve/cve-2013-4969"
            },
            {
              "name": "USN-2077-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2077-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4969",
    "datePublished": "2014-01-07T18:00:00.000Z",
    "dateReserved": "2013-07-29T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:59:41.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3250 (GCVE-0-2014-3250)

Vulnerability from cvelistv5 – Published: 2017-12-11 17:00 – Updated: 2024-08-06 10:35

Summary

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://puppet.com/security/cve/CVE-2014-3250	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1101347	x_refsource_CONFIRM

Date Public ?

2014-05-26 00:00

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:57.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/CVE-2014-3250"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101347"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-11T16:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/CVE-2014-3250"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101347"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://puppet.com/security/cve/CVE-2014-3250",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/CVE-2014-3250"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101347",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101347"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3250",
    "datePublished": "2017-12-11T17:00:00.000Z",
    "dateReserved": "2014-05-07T00:00:00.000Z",
    "dateUpdated": "2024-08-06T10:35:57.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.