Libxml2 May 2016 Security Fixes
Posted August 9, 2016
Assessed Risk Level: Medium
On May 23, 2016 libxml2 announced several vulnerabilities.
Previous versions of Puppet Enterprise 2016.x shipped with a vulnerable version of libxml2. Puppet Enterprise 2016.2.1 and Puppet Agent 1.5.3 include an updated version of libxml2 to that fixes these vulnerabilities.
For more information about these vulnerabilities, refer to the libxml2 release notes (http://xmlsoft.org/news.html).
Affected Software Versions:
- Puppet Agent 1.3.3 - 1.5.2
- Puppet Enterprise 2015.3.2 - 2015.3.3
- Puppet Enterprise 2016.x prior to 2016.2.1
- Puppet Agent 1.5.3
- Puppet Enterprise 2016.2.1