{"id":"MGASA-2014-0084","summary":"Updated puppet & puppet3 packages fix CVE-2013-4969 and a regression","details":"Updated puppet and puppet3 packages fix security vulnerability:\n\nAn unsafe use of temporary files was discovered in Puppet, a tool for\ncentralized configuration management. An attacker can exploit this \nvulnerability and overwrite an arbitrary file in the system (CVE-2013-4969).\n\nThis update also corrects an upstream regression, see references for details. \n","modified":"2026-04-16T06:26:07.075808191Z","published":"2014-02-19T21:15:34Z","upstream":["CVE-2013-4969"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0084.html"},{"type":"WEB","url":"http://www.debian.org/security/2013/dsa-2831"},{"type":"WEB","url":"http://www.ubuntu.com/usn/usn-2077-2/"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12184"}],"affected":[{"package":{"name":"puppet","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/puppet?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.23-1.2.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0084.json"}},{"package":{"name":"puppet3","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/puppet3?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.4-1.2.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0084.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}