Overview

libxslt updates

  • Posted June 22, 2017

  • Assessed Risk Level: Medium

The Nokogiri team reported two issues with libxslt on 2017-05-09 (CVE-2017-5029 and CVE-2016-4738). The Puppet Engineering team does not believe that our products are vulnerable to either of the reported issues, however third-party software built using our vendored libxslt might be vulnerable. Libxslt has been patched in Puppet agent 1.10.2.

Status:

Affected Software Versions:

  • Puppet Agent prior to 1.10.2

Resolved in:

  • Puppet Agent 1.10.2