On May 24, 2016 libxslt announced a vulnerability in attribute preprocessing.
Previous versions of Puppet Enterprise shipped with a vulnerable version of libxslt. Puppet Enterprise 2016.2.1 and Puppet Agent 1.5.3 include an updated version of libxslt to fix this vulnerability.
For more information about this vulnerability, refer to the libxslt release notes (http://xmlsoft.org/XSLT/news.html).
Affected Software Versions: