Puppet 3.2.4 发布,系统管理工具

来源: 投稿
作者: fei
2013-08-22 00:00:00

Puppet,是基于Ruby的一个工具,可以集中管理每一个重要方面,使用的是跨平台的规范语言,管理所有单独的元素,通常聚集在不同的文件,如用户, CRON作业,和主机一起的离散元素,如包装,服务和文件。

Puppet的简单陈述规范语言的能力提供了强大的classing制定了主机之间的相似之处,同时使他们能够提供尽可能具体的必要的,它依赖的先决条件和对象之间的关系清楚而明确。

Puppet发布3.2.4/2.7.23正式版。2013-08-16上个版本是2013-07-16的3.2.3其他产品线3.1.1 3.0.2 2.6.18 紧急修复2个安全漏洞 CVE-2013-4761和CVE-2013-4956。

发布声明:

Puppet 3.2.4

Released August 15, 2013.

3.2.4 is a security fix release of the Puppet 3.2 series. It has no other bug fixes or new features.

Security Fixes

CVE-2013-4761 (resource_typeRemote Code Execution Vulnerability)

By using theresource_typeservice, an attacker could cause Puppet to load arbitrary Ruby files from the puppet master server’s file system. While this behavior is not enabled by default,auth.confsettings could be modified to allow it. The exploit requires local file system access to the Puppet Master.

CVE-2013-4956 (Puppet Module Permissions Vulnerability)

The puppet module subcommand did not correctly control permissions of modules it installed, instead transferring permissions that existed when the module was built.

下载:http://downloads.puppetlabs.com/puppet/puppet-3.2.4.tar.gz

 

http://downloads.puppetlabs.com/puppet/puppet-2.7.23.tar.gz

展开阅读全文
12 收藏
分享
2 评论
12 收藏
分享
返回顶部
顶部