Posted August 8, 2017
Assessed Risk Level: Medium
On July 11, nginx announced an integer overflow vulnerability. Previous versions of Puppet Enterprise include a vulnerable version of nginx. Puppet Enterprise 2016.4.7 and 2017.2.3 include an updated version of nginx to address this issue.
For more information about the vulnerability, refer to the nginx security advisory.
Affected Software Versions:
- Puppet Enterprise prior to 2016.4.7
- Puppet Enterprise 2017.1.x
- Puppet Enterprise 2017.2.x prior to 2017.2.3
- Puppet Enterprise 2016.4.7
- Puppet Enterprise 2017.2.3