Rubyzip June 2018 Security Fixes

  • Posted November 6, 2018

  • Assessed Risk Level: Medium

In August 2018, the rubyzip project released a fix for a vulnerability announced in June 2018. Puppet Enterprise 2018.1.5 and 2019.0.1 ship with an updated version of rubyzip that has addressed this vulnerability.

For more information about this vulnerability refer to the Red Hat CVE(https://bugzilla.redhat.com/show_bug.cgi?id=1593001)

Status:

Affected software versions:

  • Puppet Enterprise versions prior to 2019.0.1
  • Puppet Enterprise versions prior to 2018.1.5

Resolved in:

  • Puppet Enterprise 2019.0.1
  • Puppet Enterprise 2018.1.5