top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

puppet on centos repository and its security

+1 vote
312 views

I am using puppet 2.7.20 from rpmforge, with a build date of Wed 20 Mar 2013. EPEL has an even older version. Then I see this: http://puppetlabs.com/security/cve/cve-2013-3567 that was posted on the month of July 2013.

Do I understand correctly, that my puppet-master is vulnerable to remote code execution by every node that has access to master's port tcp/8140?

If so, then the only option to use puppet while being safe is to use puppetlabs repo, or build puppet myself?

posted Oct 31, 2013 by Deepankar Dubey

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

0 votes

I am using puppet 2.7.20 from rpmforge, with a build date of Wed 20 Mar 2013. EPEL has an even older version.

A very old and occasionally suspect repo (rpmforge) in terms of lack of updates (see the clamav issues a little while back). EPEL is better but stays a lot older.

Do I understand correctly, that my puppet-master is vulnerable to remote code execution by every node that has access to master's port tcp/8140?

Yes that is almost certainly the case - best to check the --changelog of the RPM you are using though.

If so, then the only option to use puppet while being safe is to use puppetlabs repo, or build puppet myself?

Using the official puppetlabs repo is the best/right answer and will allow you to be on the most recent puppet version - there are significant reasons why this is desirable.

answer Oct 31, 2013 by Seema Siddique
Similar Questions
+2 votes

If I add priority=1 to [updates] in CentOS-Base.repo
when I run "sudo yum update" I get the warning 66 packages excluded due to repository priority protections

This does not seem to have any adverse effect, but what exactly does it mean?

0 votes

I can't seem to check off the centos media repo from within the add/remove application.
Is there a way to do this? I tried to invoke gpk-application from root but it didn't work.

0 votes

I used to have opendns set up as my DNS.

network manager still has opendns IP addresses in the relevant entry of the gui. Also /etc/network/interfaces has the opendns IPs.

However, this has stopped working and I appear to be using my ISP DNS

How do I get back to my previous situation of using opendns?

0 votes

I've installed CentOS 7 in a KVM powered VM on my CentOS 6 desktop. I'm not getting any sound.
Google seams to have no clue what to do. How about you?

...