OpenSSL December 2017 Security Fixes

  • Posted February 5, 2018

  • Assessed Risk Level: Medium

On December 7, 2017 OpenSSL announced several vulnerabilities.

Previous versions of Puppet Enterprise shipped with a vulnerable version of OpenSSL. Puppet Enterprise 2016.4.10 and 2017.3.3 contain and updated version of OpenSSL which has addressed these vulnerabilities.

For more information about this vulnerability, refer to the OpenSSL vulnerability release notes. ( and


Affected software versions:

  • Puppet Enterprise Client Tools prior to
  • Puppet Agent prior to 1.10.10
  • Puppet Enterprise prior to 2016.4.10
  • Puppet Enterprise prior to 2017.3.3
  • PDK prior to

Resolved in:

  • pe-client-tools
  • Puppet Agent 1.10.10
  • Puppet Enterprise 2016.4.10
  • Puppet Enterprise 2017.3.3
  • PDK
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.