This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
- Puppet >= 4.10.0 < 7.0.0
Start using this module
- Setup - The basics of getting started with cesa_2019_2091
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
This remediation addresses the following CVEs:
Remediation is performed by using yum to updating key systemd packages to newer versions. Affected systemd RPM packages include:
Using a Puppet file or other method, install in an appropriate place such that the task is visible to your task runner.
$ bolt task show cesa_2019_2091::remediate remediates CVE-2018-15686, CVE-2018-16866, and CVE-2018-16888
Using your prefered method of running bolt tasks, run the task.
$ bolt task run cesa_2019_2091::remediate -n cent7-1,cent7-2,cent7-3
This remediation relies on yum, yum repositories, and related technologies to update RPM packages.
This remediation updates the relevant RPM packages to the latest available version without additional version checks. If your system remains vulnerable to these CVEs, it is likely sufficiently updated RPMs are not available in your yum repository as presntly configured.
This remediation targets the standard systemd packages most likely to be affected by these CVEs. Additional packages which may require attention are described in the relevant CentOS-CR-announce mailing list announcement
Pull requests welcome
What are tasks?
Modules can contain tasks that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.