I am using puppet 2.7.20 from rpmforge, with a build date of Wed 20 Mar
2013. EPEL has an even older version. Then I see this: http://puppetlabs.com/security/cve/cve-2013-3567 that was posted on the month of July 2013.
Do I understand correctly, that my puppet-master is vulnerable to remote code execution by every node that has access to master’s port tcp/8140?
If so, then the only option to use puppet while being safe is to use puppetlabs repo, or build puppet myself?
Thank you Ignas