Gentoo Linux Security Advisory 2013-08-04 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.23 are affected.
0540da72c54f57cbe5a156cdb95056d98fa489beca31a869e539fa0bb49ca073
Red Hat Security Advisory 2013-0710-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in how Puppet handled certain HTTP PUT requests. An attacker with valid authentication credentials, and authorized to save to the authenticated client's own report, could construct a malicious request that could possibly cause the Puppet master to execute arbitrary code. A flaw was found in how Puppet handled the "template" and "inline_template" functions during catalog compilation. If an authenticated attacker were to requests its catalog from the Puppet master, it could possibly result in arbitrary code execution when the catalog is compiled.
287e00cc1e326aec1722ac557fce76b5e0388b5683cb3624788e846953353c44
Debian Linux Security Advisory 2643-1 - Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system.
626b2c43b3fc60e5818364c42a1dce9ed4a162377a90fdd4f2f3cc47cac16b60
Ubuntu Security Notice 1759-1 - It was discovered that Puppet agents incorrectly handled certain kick connections in a non-default configuration. An attacker on an authenticated client could use this issue to possibly execute arbitrary code. It was discovered that Puppet incorrectly handled certain catalog requests. An attacker on an authenticated client could use this issue to possibly execute arbitrary code on the master. Various other issues were also addressed.
cccb65197566007976c698911967efc5871071adafb220b210b3946a8aba7461