Overview

OpenSSL February 2019 Security Fixes

  • Posted: April 30, 2019

  • Assessed Risk Level: Medium

Between March 27, 2018 and February 26, 2019 OpenSSL announced several vulner abilities.

Previous versions of Puppet Enterprise shipped with a vulnerable version of OpenSSL. Puppet Enterprise 2018.1.8 contains an updated version of OpenSSL which has addressed these vulnerabilities.

For more information about this vulnerability, refer to the OpenSSL vulnerability release notes.

Status:

Affected software versions:

  • pe-client-tools prior to 18.1.8
  • Puppet Agent prior to 6.4.2
  • Puppet Enterprise prior to 2018.1.8

Resolved in:

  • pe-client-tools 18.1.8
  • Puppet Agent 6.4.2
  • Puppet Enterprise 2018.1.8