Overview

Nokogiri June 2016 Security Fixes

  • Posted August 9, 2016

  • Assessed Risk Level: Medium

On June 1, 2016 Nokogiri announced several vulnerabilities.

Previous versions of Puppet Enterprise 2016.x shipped with a vulnerable version of Nokogiri. This only affected agents running on the HuaweiOS platform.

For more information about this vulnerability, refer to the Nokogiri security announcement (https://blog.srcclr.com/nokogiri-v1.6.8.rc3-disclosure/)

Status:

Affected Software Versions:

  • Puppet Agent 1.4.0 - 1.5.2
  • Puppet Enterprise 2016.1.x
  • Puppet Enterprise 2016.2.0

Resolved in:

  • Puppet Agent 1.5.3
  • Puppet Enterprise 2016.2.1