

remediates CVE-2018-15686, CVE-2018-16866, and CVE-2018-16888 as described in CESA-2019:2091 and similar bulletins


Version information

  • 0.2.0 (latest)
  • 0.1.0
released Dec 9th 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • remediate

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'hpcprofessional-cesa_2019_2091', '0.2.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add hpcprofessional-cesa_2019_2091
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install hpcprofessional-cesa_2019_2091 --version 0.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



hpcprofessional/cesa_2019_2091 — version 0.2.0 Dec 9th 2019


This module contains a Bolt Task that will remediate CVEs described in CESA-2019:2091 and parallel issues present on other Enterprise Linux 7 (EL7) platforms.

Table of Contents

  1. Description
  2. Setup - The basics of getting started with cesa_2019_2091
  3. Usage - Configuration options and additional functionality
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module


This remediation addresses the following CVEs:

  • CVE-2018-15686
  • CVE-2018-16866
  • CVE-2018-16888

Remediation is performed by using yum to update key systemd packages to newer versions. Affected systemd RPM packages include:

  • systemd
  • systemd-libs
  • systemd-sysv


Beginning with cesa_2019_2091

Using a Puppetfile or other method, install the module in an appropriate place such that the task is visible to your task runner.


$ bolt task show

cesa_2019_2091::remediate   remediates CVE-2018-15686, CVE-2018-16866, and CVE-2018-16888


Using your preferred method of running Bolt tasks, run the task.


$ bolt task run cesa_2019_2091::remediate -n cent7-1,cent7-2,cent7-3


This remediation relies on yum, yum repositories, and related technologies to update RPM packages.

This remediation updates the relevant RPM packages to the latest available version without additional version checks. If your system remains vulnerable to these CVEs, it is likely that sufficiently updated RPMs are not available in your yum repository as presently configured.
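Because the task performs no version check of its own, a separate post-run check shows which nodes were left behind by a stale repository. The script below is an added example, not part of this module; `check_systemd_pkgs`, `version_ge`, the sample lines and the minimum version are all constructed for illustration, and the real fixed version-release must come from the advisory for your platform.

```shell
#!/usr/bin/env bash
# Added example, not part of the module. On a target, produce the input with:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' systemd systemd-libs systemd-sysv

# version_ge A B: true when A >= B. GNU `sort -V` approximates RPM ordering
# for ordinary version-release strings; it is not a full rpmvercmp.
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_systemd_pkgs MIN_VR (hypothetical helper): reads "name version-release"
# lines on stdin, prints a verdict for each package the task updates, and
# returns 1 if any package is missing or older than MIN_VR.
check_systemd_pkgs() (
  min="$1"; rc=0
  input="$(cat)"
  for pkg in systemd systemd-libs systemd-sysv; do
    # Exact name match on a two-field line; rpm's "package X is not installed"
    # message never matches, so that package is reported as MISSING.
    vr="$(printf '%s\n' "$input" | awk -v p="$pkg" 'NF == 2 && $1 == p { print $2; exit }')"
    if [ -z "$vr" ]; then
      echo "MISSING $pkg"; rc=1
    elif version_ge "$vr" "$min"; then
      echo "OK $pkg $vr"
    else
      echo "STALE $pkg $vr (older than $min)"; rc=1
    fi
  done
  exit "$rc"
)

# Constructed sample: one package left behind, one not installed.
SAMPLE='systemd 219-100.el7
systemd-libs 219-62.el7_6.9
package systemd-sysv is not installed'

# Constructed placeholder, NOT the advisory's value: substitute the fixed
# version-release published for your platform.
MIN_VR_PLACEHOLDER='219-99.el7'

printf '%s\n' "$SAMPLE" | check_systemd_pkgs "$MIN_VR_PLACEHOLDER" \
  || echo "remediation incomplete on this node"
```

A non-zero return on any node after the task has run points at the repository configuration rather than at the task itself.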

This remediation targets the standard systemd packages most likely to be affected by these CVEs. Additional packages which may require attention are described in the relevant CentOS-CR-announce mailing list announcement.


Pull requests welcome

Release Notes

Version Notes
0.1.0 Initial release