Overview

Libxml2 May 2016 Security Fixes

  • Posted August 9, 2016

  • Assessed Risk Level: Medium

On May 23, 2016 libxml2 announced several vulnerabilities.

Previous versions of Puppet Enterprise 2016.x shipped with a vulnerable version of libxml2. Puppet Enterprise 2016.2.1 and Puppet Agent 1.5.3 include an updated version of libxml2 to that fixes these vulnerabilities.

For more information about these vulnerabilities, refer to the libxml2 release notes (http://xmlsoft.org/news.html).

Status:

Affected Software Versions:

  • Puppet Agent 1.3.3 - 1.5.2
  • Puppet Enterprise 2015.3.2 - 2015.3.3
  • Puppet Enterprise 2016.x prior to 2016.2.1

Resolved in:

  • Puppet Agent 1.5.3
  • Puppet Enterprise 2016.2.1