Uploaded image for project: 'Puppet Agent'
  1. Puppet Agent
  2. PA-1547

Update ruby to address vulnerabilities fixed in v2.4.2

    XMLWordPrintable

Details

    • Platform OS
    • 5
    • Platform OS 2017-10-03, Platform OS 2017-10-17
    • Security Fix
    • Hide
      (for agent 5.3.3): Updated vendored ruby version to 2.4.2 to address the following vulnerabilities:
      * CVE-2017-0898
      * CVE-2017-10784
      * CVE-2017-14033
      * CVE-2017-14064

      (for agent 1.10.9) Vendored ruby 2.1.9 has been patched to address the following vulnerabilities:
      * CVE-2017-0898
      * CVE-2017-10784
      * CVE-2017-14033
      * CVE-2017-14064
      Show
      (for agent 5.3.3): Updated vendored ruby version to 2.4.2 to address the following vulnerabilities: * CVE-2017-0898 * CVE-2017-10784 * CVE-2017-14033 * CVE-2017-14064 (for agent 1.10.9) Vendored ruby 2.1.9 has been patched to address the following vulnerabilities: * CVE-2017-0898 * CVE-2017-10784 * CVE-2017-14033 * CVE-2017-14064
    • No Action

    Description

      ruby 2.1.9 will need to have patches applied (see https://tickets.puppetlabs.com/browse/RE-9323).
      Later versions of ruby should be updated to latest in their series.

      For versions later than 2.1, updating will also address the rubygems vuln (PA-1465). For 2.1 you'll also need to include that patch.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              morgan Morgan Rhodes
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support