Overview

Vulnerabilities in vendored curl software

  • Posted July 28, 2015

  • Assessed Risk Level: Low

On June 17th, The open source curl project announced two security vulnerabilities in the libcurl http client library. The Puppet Agent package prior to 1.2.2 contained a vulnerable version of curl. Puppet agent 1.2.2 contains an updated version of curl. For more information about the libcurl vulnerabilities, refer to CVE-2015-3236 and CVE-2015-3237.

Status:

Affected Software Versions:

  • Puppet Agent 1.x

Resolved in:

  • Puppet Agent 1.2.2