CVE-2015-7995 - Preprocessing type confusion in libxslt
Posted August 9, 2016
Assessed Risk Level: Medium
On May 24, 2016 libxslt announced a vulnerability in attribute preprocessing.
Previous versions of Puppet Enterprise shipped with a vulnerable version of libxslt. Puppet Enterprise 2016.2.1 and Puppet Agent 1.5.3 include an updated version of libxslt to fix this vulnerability.
For more information about this vulnerability, refer to the libxslt release notes (http://xmlsoft.org/XSLT/news.html).
Affected Software Versions:
- Puppet Agent 1.3.3 - 1.5.2
- Puppet Enterprise 2015.3.2 - 2015.3.3
- Puppet Enterprise 2016.x prior to 2016.2.1
- Puppet Agent 1.5.3
- Puppet Enterprise 2016.2.1