Ubuntu Security Notice 917-1 – It was discovered that Puppet did not drop supplementary groups when being run as a different user. A local user may be able to use this flaw to bypass security restrictions and gain access to restricted files. It was discovered that Puppet did not correctly handle temporary files. A local user can exploit this flaw to bypass security restrictions and overwrite arbitrary files.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/87590/USN-917-1.txt
Source: https://packetstormsecurity.com/files/87590/Ubuntu-Security-Notice-917-1.html