On August 15, Canonical published details about Puppet vulnerabilities affecting its Ubuntu 13.04, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems.
According to Canonical, several security issues have been fixed in Puppet.
It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files.
Also, Puppet incorrectly handled permissions on the modules it installed. Modules could have been installed with the permissions that existed when they were built, possibly exposing them to a local attacker.
For a more detailed description of the security problems, you can visit Canonical's security notification.
Users can fix the security flaws by upgrading to the latest puppet-common package for their Ubuntu release.
A normal system update, run with the Update Manager, will apply all the necessary changes.