Overview

Curl November 2016 Security Fixes

  • Posted: February 7, 2017

  • Assessed Risk Level: Medium

On November 2nd, curl announced several security vulnerabilities. Previous releases of Puppet Enterprise contained a vulnerable version of curl. Puppet Enterprise 2016.4.3 and 2016.5.2 contain an updated version of curl that has patched the vulnerabilities.

For more information about these vulnerabilities, refer to the curl release notes.

Status:

Affected Software Versions:

  • Puppet Enterprise prior to 2016.4.3
  • Puppet Enterprise 2016.5.1
  • Puppet Agent prior to 1.7.2
  • Puppet Agent 1.8.0 - 1.8.2
  • PE Client Tools 16.4.0
  • PE Client Tools 16.5.2

Resolved in:

  • Puppet Enterprise 2016.4.3
  • Puppet Enterprise 2016.5.2
  • Puppet Agent 1.7.2
  • Puppet Agent 1.8.3
  • PE Client Tools 16.4.1
  • PE Client Tools 16.5.3