Ruby October 2019 Security Fixes

CVSS 3 Base Score:

Posted On:
November 6, 2019

Assessed Risk Level:
High

On October 1, 2019, Ruby published security updates addressing several CVEs. Previous releases of Puppet Enterprise contain a vulnerable version of Ruby. Puppet Enterprise 2019.1.3 and 2018.1.11 contain an updated version of Ruby that has patched the vulnerabilities.

For more information about these vulnerabilities, refer to the security announcements for CVE-2019-16255, CVE-2019-16254, CVE-2019-15845, and CVE-2019-16201.

Status:

Affected software versions:

Puppet Agent 5 versions prior to 5.5.17
Puppet Agent 6 versions prior to 6.4.4
Puppet Enterprise 2019.1 versions prior to 2019.1.3
Puppet Enterprise 2018.1 versions prior to 2018.1.11
Bolt versions prior to 1.32.0
PDK versions prior to 1.14.0.0

Resolved in:

Puppet Agent 5.5.17
Puppet Agent 6.4.4
Puppet Enterprise 2019.1.3
Puppet Enterprise 2018.1.11
Bolt 1.32.0
PDK 1.14.0.0

← Back to CVE Listings

Achieving Zero Trust Security with Puppet Enterprise

Achieving Zero Trust Security with Puppet Enterprise

Ruby October 2019 Security Fixes

CVSS 3 Base Score:

Posted On:
November 6, 2019

Assessed Risk Level:
High

Status:

Get Started

Puppet Enterprise

Puppet Enterprise Extensions

Ruby October 2019 Security Fixes

CVSS 3 Base Score:

Posted On: November 6, 2019

Assessed Risk Level: High

Status:

Posted On:
November 6, 2019

Assessed Risk Level:
High