Overview

Curl November 2017 Security Fixes

  • Posted February 5, 2018

  • Assessed Risk Level: Medium

There are several vulnerabilities for Curl which have been announced. Versions of Puppet Enterprise prior to 2016.4.10 and 2017.3.3 shipped with a vulnerable version of curl. Puppet Enterprise 2016.4.10 and 2017.3.3 ship with an updated version of curl that has addressed these vulnerabilities.

For more information about these vulnerabilities refer to Curl vulnerabilities table (https://curl.haxx.se/docs/security.html)

Status:

Affected software versions:

  • Puppet Agent versions prior to 1.10.10
  • Puppet Agent versions prior to 5.3.4
  • Puppet Enterprise versions prior to 2016.4.10
  • Puppet Enterprise versions prior to 2017.3.3

Resolved in:

  • Puppet Agent 1.10.10
  • Puppet Agent 5.3.4
  • Puppet Enterprise 2016.4.10
  • Puppet Enterprise 2017.3.3