libssh2 July 2019 Security Fixes

  • Posted July 30, 2019

  • Assessed Risk Level: High

On July 2nd 2019, RedHat published security updates addressing several CVEs in libssh2. Previous releases of Puppet Enterprise contain a vulnerable version of libssh2. Puppet Enterprise 2019.1.1, 2019.0.4, and 2018.1.9 contain an updated version of libssh2 that has patched the vulnerabilities.

For more information about these vulnerabilities, refer to the RedHat security announcement.


Affected software versions:

  • Puppet Enterprise versions prior to 2019.1.1
  • Puppet Enterprise versions prior to 2019.0.4
  • Puppet Enterprise versions prior to 2018.1.9

Resolved in:

  • Puppet Enterprise 2019.1.1
  • Puppet Enterprise 2019.0.4
  • Puppet Enterprise 2018.1.9