OpenSSL December 2015 Security Fixes
Posted January 27, 2016
Assessed Risk Level: Medium
On December 3, 2015, OpenSSL announced several security vulnerabilities.
Puppet Agent 1.2.4 and higher with the Ruby MRI Puppet Master are vulnerable. Puppet Agent 1.3.4 contains an updated OpenSSL that has addressed this vulnerability.
Default deployments of Puppet Enterprise are not vulnerable. Puppet Enterprise 3.8.4 includes an update to OpenSSL 1.0.1q and Puppet Enterprise 2015.3.2 includes an update to OpenSSL 1.0.2f.
For more information about the vulnerabilities, please refer to the OpenSSL security announcement .
Affected Software Versions:
- Puppet Agent 1.2.4 - 1.3.2
- Puppet Agent 1.3.4