On May 23, 2016 libxml2 announced several vulnerabilities.
Previous versions of Puppet Enterprise 2016.x shipped with a vulnerable version of libxml2. Puppet Enterprise 2016.2.1 and Puppet Agent 1.5.3 include an updated version of libxml2 to that fixes these vulnerabilities.
For more information about these vulnerabilities, refer to the libxml2 release notes (http://xmlsoft.org/news.html).
Affected Software Versions: