Overview

CVE-2015-7995 - Preprocessing type confusion in libxslt

  • Posted August 9, 2016

  • Assessed Risk Level: Medium

On May 24, 2016, libxslt announced a vulnerability in attribute preprocessing.

Previous versions of Puppet Enterprise shipped with a vulnerable version of libxslt. Puppet Enterprise 2016.2.1 and Puppet Agent 1.5.3 include an updated version of libxslt to fix this vulnerability.

For more information about this vulnerability, refer to the libxslt release notes (http://xmlsoft.org/XSLT/news.html).

Status:

Affected Software Versions:

  • Puppet Agent 1.3.3 - 1.5.2
  • Puppet Enterprise 2015.3.2 - 2015.3.3
  • Puppet Enterprise 2016.x prior to 2016.2.1

Resolved in:

  • Puppet Agent 1.5.3
  • Puppet Enterprise 2016.2.1