Overview

OpenSSL December 2017 Security Fixes

  • Posted February 5, 2018

  • Assessed Risk Level: Medium

On December 7, 2017, OpenSSL announced several vulnerabilities.

Previous versions of Puppet Enterprise shipped with a vulnerable version of OpenSSL. Puppet Enterprise 2016.4.10 and 2017.3.3 contain an updated version of OpenSSL that addresses these vulnerabilities.

For more information about these vulnerabilities, refer to the OpenSSL vulnerability release notes (https://www.openssl.org/news/secadv/20171102.txt and https://www.openssl.org/news/secadv/20171207.txt).

Status:

Affected software versions:

  • Puppet Enterprise Client Tools prior to 16.4.3.9
  • Puppet Agent prior to 1.10.10
  • Puppet Enterprise prior to 2016.4.10
  • Puppet Enterprise prior to 2017.3.3
  • PDK prior to 1.3.2.0

Resolved in:

  • pe-client-tools 16.4.3.9
  • Puppet Agent 1.10.10
  • Puppet Enterprise 2016.4.10
  • Puppet Enterprise 2017.3.3
  • PDK 1.3.2.0