Overview

RubyGems March 2019 Security Fixes

  • Posted April 30, 2019

  • Assessed Risk Level: High

On March 5, 2019, RubyGems announced several vulnerabilities.

Previous versions of Puppet Agent, PDK and Puppet Enterprise shipped with a vulnerable version of RubyGems.

For more information about these vulnerabilities, refer to the RubyGems release announcement page (https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html).

Status:

Affected software versions:

  • Puppet Agent versions prior to 5.5.14
  • Puppet Agent versions prior to 6.0.9
  • Puppet Agent versions prior to 6.4.2
  • PDK versions prior to 1.10.0.0
  • Puppet Enterprise versions prior to 2016.4.11
  • Puppet Enterprise versions prior to 2017.3.6

Resolved in:

  • Puppet Agent 5.5.14
  • Puppet Agent 6.0.9
  • Puppet Agent 6.4.2
  • PDK 1.10.0.0
  • Puppet Enterprise 2019.0.3
  • Puppet Enterprise 2018.1.8