OpenSSL January 2017 Security Fixes

Overview

OpenSSL January 2017 Security Fixes

  • Posted May 11, 2017

  • Assessed Risk Level: Medium

On January 26th, OpenSSL announced several security vulnerabilities. Previous releases of Puppet Enterprise contained a vulnerable version of OpenSSL. Puppet Enterprise 2016.4.5 and 2017.2.1 contain an updated version of OpenSSL that has fixed the vulnerabilities.

For more information about the vulnerabilities, refer to the OpenSSL security announcement.

Status:

Affected Software Versions:

  • Puppet Enterprise prior to 2016.4.5
  • Puppet Enterprise 2016.5.x
  • Puppet Enterprise 2017.1.x
  • Puppet Agent prior to 1.10.1
  • PE Client Tools prior to 16.4.2
  • PE Client Tools prior to 17.2.0

Resolved in:

  • Puppet Enterprise 2016.4.5
  • Puppet Enterprise 2017.2.1
  • Puppet Agent 1.10.1
  • PE Client Tools 16.4.2
  • PE Client Tools 17.2.0