SUSE Linux Enterprise Server 11 Puppet security bug SUSE-SU-2014:0155-1

Back in January 2014, SUSE released a security update SUSE-SU-2014:0155-1 which was related to Puppet fixes for remote code execution vulnerability in the "resource_type" service (CVE-2013-4761). Additionally, the update prevented Puppet from executing initialization scripts that could trigger a system reboot when handling "puppet resource service" calls.

Involved in testing another vulnerability related to Puppet in months that followed.

Novell took the bug very seriously, did proper testing and released an update in a very efficient manner. That was a great example of a company protecting the customers without delays. Dealing with Novell staff was pleasure.