Security update for rubygem-puppet
Announcement ID: | SUSE-SU-2018:0602-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves one vulnerability can now be installed.
Description:
This update for rubygem-puppet fixes the following issues:
- CVE-2017-10689: Reset permissions when unpacking tar in PMT. When using minitar, files were unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions (bsc#1080288)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Advanced Systems Management Module 12
zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-409=1
Package List:
-
Advanced Systems Management Module 12 (ppc64le s390x x86_64)
- ruby2.1-rubygem-puppet-4.8.1-32.3.1
- rubygem-puppet-4.8.1-32.3.1