Ruby December 2017 Security Fixes
Posted February 5, 2018
Assessed Risk Level: Medium
On December 14, 2017, Ruby announced a vulnerability in a bundled library.
Previous versions of puppet-agent shipped with a vulnerable version of Ruby.
For more information about this vulnerability, refer to Ruby's security announcement page (https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/).
Affected software versions:
- Puppet Agent versions prior to 1.10.10
- Puppet Agent versions prior to 5.3.4
- Puppet Enterprise versions prior to 2016.4.10
- Puppet Enterprise versions prior to 2017.3.3
Resolved in:
- Puppet Agent 1.10.10
- Puppet Agent 5.3.4
- Puppet Enterprise 2016.4.10
- Puppet Enterprise 2017.3.3
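
The following is an added example, not part of the original advisory or Puppet's tooling: a Ruby check that classifies an installed version against the fixed releases named on this page, using numeric comparison because plain string comparison ranks 1.10.9 above 1.10.10. The function names, the release-line grouping, the handling of lines with no listed fix, and the sample inventory are assumptions made for illustration.

```ruby
require "rubygems" # Gem::Version compares dotted versions numerically

# Fixed releases named in the advisory, keyed by release line.
# Assumption: the line is the major number for Puppet Agent, major.minor for PE.
FIXED_RELEASES = {
  "puppet-agent"      => { "1" => "1.10.10", "5" => "5.3.4" },
  "puppet-enterprise" => { "2016.4" => "2016.4.10", "2017.3" => "2017.3.3" }
}.freeze

# Returns :affected or :fixed for an installed version string.
def advisory_status(product, raw_version)
  fixes = FIXED_RELEASES.fetch(product) { raise ArgumentError, "unknown product: #{product}" }
  # Drop packaging suffixes such as "-1.el7" (constructed example) before comparing.
  numeric = raw_version[/\A\d+(?:\.\d+)*/]
  raise ArgumentError, "unparseable version: #{raw_version}" unless numeric
  version = Gem::Version.new(numeric)
  width = product == "puppet-agent" ? 1 : 2
  line = version.segments.first(width).join(".")
  # Assumption: a line with no listed fix is judged against the newest fixed release.
  newest = fixes.values.max_by { |v| Gem::Version.new(v) }
  version < Gem::Version.new(fixes.fetch(line, newest)) ? :affected : :fixed
end

# Plain string comparison, shown only to expose the pitfall it creates.
def naive_affected?(installed, fixed)
  installed < fixed
end

# Constructed inventory for illustration, not real host data.
SAMPLE_INVENTORY = [
  ["puppet-agent", "1.10.9"],
  ["puppet-agent", "1.10.10"],
  ["puppet-agent", "5.3.3-1.el7"],
  ["puppet-enterprise", "2016.4.9"],
  ["puppet-enterprise", "2017.2.5"],
  ["puppet-enterprise", "2017.3.3"]
].freeze

SAMPLE_INVENTORY.each do |product, version|
  puts format("%-18s %-12s %s", product, version, advisory_status(product, version))
end
```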