It was discovered that Puppet incorrectly handled permissions when unpacking certain tarballs. A local user could possibly use this issue to execute arbitrary code.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "3.4.3-1ubuntu1.3", "binary_name": "puppet" }, { "binary_version": "3.4.3-1ubuntu1.3", "binary_name": "puppet-common" }, { "binary_version": "3.4.3-1ubuntu1.3", "binary_name": "puppet-el" }, { "binary_version": "3.4.3-1ubuntu1.3", "binary_name": "puppet-testsuite" }, { "binary_version": "3.4.3-1ubuntu1.3", "binary_name": "puppetmaster" }, { "binary_version": "3.4.3-1ubuntu1.3", "binary_name": "puppetmaster-common" }, { "binary_version": "3.4.3-1ubuntu1.3", "binary_name": "puppetmaster-passenger" }, { "binary_version": "3.4.3-1ubuntu1.3", "binary_name": "vim-puppet" } ] }