Overview

OpenSSL December 2015 Security Fixes

  • Posted January 27, 2016

  • Assessed Risk Level: Medium

On December 3, 2015, OpenSSL announced several security vulnerabilities.

Puppet Agent 1.2.4 and higher with the Ruby MRI Puppet Master are vulnerable. Puppet Agent 1.3.4 contains an updated OpenSSL that has addressed this vulnerability.

Default deployments of Puppet Enterprise are not vulnerable. Puppet Enterprise 3.8.4 includes an update to OpenSSL 1.0.1q and Puppet Enterprise 2015.3.2 includes an update to OpenSSL 1.0.2f.

For more information about the vulnerabilities, please refer to the OpenSSL security announcement .

Status:

Affected Software Versions:

  • Puppet Agent 1.2.4 - 1.3.2

Resolved in:

  • Puppet Agent 1.3.4