CVE-2015-7551 - Fiddle and DL Ruby Vulnerability

  • Posted January 27, 2016

  • Assessed Risk Level: Low

On December 16, 2015, the Ruby project announced CVE-2015-7551, which addresses unsafe string usage in Fiddle and DL.

Default configurations of Puppet Enterprise, Puppet Agent, and Puppet on Windows are not vulnerable. The versions of Ruby shipping with Puppet Enterprise 3.8.4, Puppet Enterprise 2015.3.2, Puppet Agent 1.3.4, and Puppet 3.8.5 (Windows only) have been updated to address this vulnerability.

For more information about the vulnerability, please refer to the Ruby security announcement.


Affected Software Versions:

  • Puppet Enterprise 3.x prior to 3.8.4
  • Puppet Enterprise 2015.x prior to 2015.3.2
  • Puppet Agent 1.x prior to 1.3.4
  • Puppet 3.x prior to 3.8.5 (Windows only)

Resolved in:

  • Puppet Enterprise 3.8.4
  • Puppet Enterprise 2015.3.2
  • Puppet Agent 1.3.4
  • Puppet 3.8.5 (Windows only)