Ruby April 2018 Security Fixes

Overview

Ruby April 2018 Security Fixes

  • Posted May 1, 2018

  • Assessed Risk Level: Low

On March 3, 2018 Ruby announced several vulnerabilities.

Previous versions of Puppet Agent shipped with a vulnerable version of ruby.

For more information about this vulnerability, refer to Ruby’s release announcement page (https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/).

Status:

Affected software versions:

  • Puppet Agent versions prior to 1.10.12
  • Puppet Agent versions prior to 5.3.6
  • Puppet Agent versions prior to 5.5.1
  • PDK versions prior to 1.5.0
  • Puppet Enterprise versions prior to 2016.4.11
  • Puppet Enterprise versions prior to 2017.3.6

Resolved in:

  • Puppet Agent 1.10.12
  • Puppet Agent 5.3.6
  • Puppet Agent 5.5.1
  • PDK 1.5.0
  • Puppet Enterprise 2016.4.11
  • Puppet Enterprise 2017.3.6
  • Puppet Enterprise 2018.1.0