Posted September 21, 2017
Assessed Risk Level: Medium
A vulnerability was discovered in augeas in which an attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. Puppet agent 1.10.7 contains an updated version of augeas that has patched the vulnerabilities.
For more information about the vulnerability, refer to the augeas patch.
Affected software versions:
- Puppet agent prior to 1.10.7