Puppet Agent 1.2.4 and higher with the Ruby MRI Puppet Master are vulnerable. Puppet Agent 1.3.4 contains an updated OpenSSL that has addressed this vulnerability.
Default deployments of Puppet Enterprise are not vulnerable. Puppet Enterprise 3.8.4 includes an update to OpenSSL 1.0.1q and Puppet Enterprise 2015.3.2 includes an update to OpenSSL 1.0.2f.
For more information about the vulnerabilities, please refer to the OpenSSL security announcement .
Affected Software Versions: