Overview

CVE-2017-7529 - Integer overflow in nginx

  • Posted August 8, 2017

  • Assessed Risk Level: Medium

On July 11, nginx announced an integer overflow vulnerability. Previous versions of Puppet Enterprise include a vulnerable version of nginx. Puppet Enterprise 2016.4.7 and 2017.2.3 include an updated version of nginx to address this issue.

For more information about the vulnerability, refer to the nginx security advisory.

Status:

Affected Software Versions:

  • Puppet Enterprise prior to 2016.4.7
  • Puppet Enterprise 2017.1.x
  • Puppet Enterprise 2017.2.x prior to 2017.2.3

Resolved in:

  • Puppet Enterprise 2016.4.7
  • Puppet Enterprise 2017.2.3