CVE-2014-3248 漏洞信息： Ubuntu Security Notification for Puppet Vulnerabilities (USN-3308-1)

It was discovered that Puppet incorrectly handled the search path.

It was discovered that Puppet incorrectly handled YAML deserialization.

A local attacker could use this issue to possibly execute arbitrary code. (CVE-2014-3248)

A remote attacker could possibly use this issue to execute arbitrary code on the master. This update is incompatible with agents older than 3.2.2. (CVE-2017-2295)

Refer to Ubuntu advisory USN-3308-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3308-1: 14.04 (Kylin) on src (puppet-common)