Overview

OpenSSL January 2016 Security Fixes

  • Posted February 3, 2016

  • Assessed Risk Level: Medium

On January 28, 2016, OpenSSL announced several security vulnerabilities.

Puppet Enterprise, Puppet Agent 1.2.4 and higher, and Puppet 3.8.4 and higher (Windows Only) include a vulnerable version of OpenSSL. Puppet Enterprise 2015.3.2, Puppet Enterprise 3.8.4, Puppet Agent 1.3.5, and Puppet 3.8.6 contain an updated OpenSSL that addresses these vulnerabilities.

For more information about the vulnerabilities, please refer to the OpenSSL security announcement.

Status:

Affected Software Versions:

  • Puppet Enterprise 2015.2.1 - 2015.3.1
  • Puppet Enterprise 3.8.0 - 3.8.3 (Windows and AIX Only)
  • Puppet Agent 1.2.4 - 1.3.4
  • Puppet 3.8.4 - 3.8.5 (Windows Only)

Resolved in:

  • Puppet Enterprise 2015.3.2
  • Puppet Enterprise 3.8.4
  • Puppet Agent 1.3.5
  • Puppet 3.8.6