Due to a vulnerability in OpenSSL versions 1.0.0 and 1.0.1, if SSL_MODE_RELEASE_BUFFERS is enabled, an attacker could cause a denial of service. This affected agents running on the following operating systems: Solaris 10, Windows, and AIX.

CVSS v2 score: 1.9 with Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C

Affected Platforms:

Puppet Enterprise 3.2 (Solaris, Windows, AIX)

 

Resolved in:

Puppet Enterprise 3.3.0