Overview

RubyGems August 2017 Security Fixes

  • Posted November 7, 2017

  • Assessed Risk Level: Medium

On August 27, 2017, RubyGems announced several vulnerabilities.

Previous versions of Puppet Enterprise 2017.x, Puppet Enterprise 2016.4, and Puppet Agent shipped with a vulnerable version of RubyGems in puppet-agent.

For more information about these vulnerabilities, refer to the RubyGems security announcement (http://blog.rubygems.org/2017/08/27/2.6.13-released.html).

Status:

Affected software versions:

  • Puppet Agent versions prior to 1.10.9
  • Puppet Agent versions prior to 5.3.3
  • Puppet Enterprise versions prior to 2016.4.9
  • Puppet Enterprise versions prior to 2017.2.5
  • Puppet Enterprise versions prior to 2017.3.2

Resolved in:

  • Puppet Agent 1.10.9
  • Puppet Agent 5.3.3
  • Puppet Enterprise 2016.4.9
  • Puppet Enterprise 2017.2.5
  • Puppet Enterprise 2017.3.2