Nokogiri June 2016 Security Fixes
Posted August 9, 2016
Assessed Risk Level: Medium
On June 1, 2016 Nokogiri announced several vulnerabilities.
Previous versions of Puppet Enterprise 2016.x shipped with a vulnerable version of Nokogiri. This only affected agents running on the HuaweiOS platform.
For more information about this vulnerability, refer to the Nokogiri security announcement (https://blog.srcclr.com/nokogiri-v1.6.8.rc3-disclosure/)
Affected Software Versions:
- Puppet Agent 1.4.0 - 1.5.2
- Puppet Enterprise 2016.1.x
- Puppet Enterprise 2016.2.0
- Puppet Agent 1.5.3
- Puppet Enterprise 2016.2.1