14 DAY TRIAL // On June 18, Canonical published in a security notice details about a Puppet vulnerability for its Ubuntu 13.04, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems.
According to Canonical, Puppet could have been made to run programs if it received specially crafted network traffic.
It was discovered that Puppet incorrectly handled YAML payloads. An attacker, on an untrusted client, could have used this issue to execute arbitrary code on the master.
For a more detailed description of the security problems, you can visit Canonical's security notification.
The security flaws can be fixed if you upgrade your system(s) to the latest puppet-common package. To apply the update, run the Update Manager application.
In general, a standard system update will make all the necessary changes. A system restart will be necessary to implement the changes.