Rubygems March 2019 Security Fixes
Posted April 30, 2019
Assessed Risk Level: High
On March 5, 2019 RubyGems announced several vulnerabilities.
Previous versions of Puppet Agent, PDK and Puppet Enterprise shipped with a vulnerable version of RubyGems.
For more information about this vulnerability, refer to RubyGems’s release announcement page (https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html).
Affected software versions:
- Puppet Agent versions prior to 5.5.14
- Puppet Agent versions prior to 6.0.9
- Puppet Agent versions prior to 6.4.2
- PDK versions prior to 22.214.171.124
- Puppet Enterprise versions prior to 2016.4.11
- Puppet Enterprise versions prior to 2017.3.6
- Puppet Agent 5.5.14
- Puppet Agent 6.0.9
- Puppet Agent 6.4.2
- PDK 126.96.36.199
- Puppet Enterprise 2019.0.3
- Puppet Enterprise 2018.1.8