OpenSSL January 2016 Security Fixes
Posted February 3, 2016
Assessed Risk Level: Medium
On January 28, 2016 OpenSSL announced several security vulnerabilities.
Puppet Enterprise, Puppet Agent 1.2.4 and higher and Puppet 3.8.4 and higher (Windows Only) include a vulnerable version of OpenSSL. Puppet Enterprise 2015.3.2, Puppet Enterprise 3.8.4, Puppet Agent 1.3.5, and Puppet 3.8.6 contain an updated OpenSSL that has addressed this vulnerability.
For more information about the vulnerabilities, please refer to the OpenSSL security announcement.
Affected Software Versions:
- Puppet Enterprise 2015.2.1 - 2015.3.1
- Puppet Enterprise 3.8.0 - 3.8.3 (Windows and AIX Only)
- Puppet Agent 1.2.4 - 1.3.4
- Puppet 3.8.4 - 3.8.5 (Windows Only)
- Puppet Enterprise 2015.3.2
- Puppet Enterprise 3.8.4
- Puppet Agent 1.3.5
- Puppet 3.8.6