Posted May 1, 2018
Assessed Risk Level: Low
On March 3, 2018 Ruby announced several vulnerabilities.
Previous versions of Puppet Agent shipped with a vulnerable version of ruby.
For more information about this vulnerability, refer to Ruby’s release announcement page (https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/).
Affected software versions:
- Puppet Agent versions prior to 1.10.12
- Puppet Agent versions prior to 5.3.6
- Puppet Agent versions prior to 5.5.1
- PDK versions prior to 1.5.0
- Puppet Enterprise versions prior to 2016.4.11
- Puppet Enterprise versions prior to 2017.3.6
- Puppet Agent 1.10.12
- Puppet Agent 5.3.6
- Puppet Agent 5.5.1
- PDK 1.5.0
- Puppet Enterprise 2016.4.11
- Puppet Enterprise 2017.3.6
- Puppet Enterprise 2018.1.0