Overview

Curl March 2018 Security Fixes

  • Posted May 1, 2018

  • Assessed Risk Level: Low

The curl project has released fixes for several vulnerabilities announced in April. Puppet Enterprise 2016.4.11 and 2017.3.6 ship with an updated version of curl that has addressed these vulnerabilities.

For more information about these vulnerabilities refer to Curl vulnerabilities table (https://curl.haxx.se/docs/security.html)

Status:

Affected software versions:

  • Puppet Agent versions prior to 1.10.12
  • Puppet Agent versions prior to 5.3.6
  • Puppet Enterprise versions prior to 2016.4.11
  • Puppet Enterprise versions prior to 2017.3.6

Resolved in:

  • Puppet Agent 1.10.12
  • Puppet Agent 5.3.6
  • Puppet Enterprise 2016.4.11
  • Puppet Enterprise 2017.3.6
  • Puppet Enterprise 2018.1.0