Oracle Java April 2016 Security Fixes
Posted May 4, 2016
Assessed Risk Level: Medium
On April 19, 2016 Oracle announced several vulnerabilities in Java.
Puppet Enterprise 3.8.x, 2015.3.x and 2016.1.x ship with a vulnerable version of Java. Puppet Enterprise 3.8.5 and 2016.1.2 include updates to address the security announcement.
For more information about these vulnerabilities, please refer to the Oracle security announcement (http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixJAVA).
Affected Software Versions:
- Puppet Enterprise 3.8.x prior to 3.8.5
- Puppet Enterprise 2015.3.x
- Puppet Enterprise 2016.1.x prior to 2016.1.2
- Puppet Enterprise 3.8.5
- Puppet Enterprise 2016.1.2