Debian Linux Security Advisory 2511-1 - Several security vulnerabilities have been found in Puppet, a centralized configuration management.
fcdba1fd04ebb02566f9813a18b2fc84
Ubuntu Security Notice 1506-1 - It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the "Delete" method, an attacker on an authenticated host could use this flaw to delete arbitrary files from the Puppet server, leading to a denial of service. Various other issues were also addressed.
b24b5fccd1a73bb1d4a15a08af33b3b7