Overview

OpenSSL June 2015 Security Fixes

  • Posted June 18, 2015

  • Assessed Risk Level: Medium

On June 11, the OpenSSL project announced several security vulnerabilities in OpenSSL. Puppet Enterprise versions prior to 3.8.1 contained vulnerable versions of OpenSSL. Puppet Enterprise 3.8.1 contains updated versions of OpenSSL that have patched the vulnerabilities.

For more information about the OpenSSL vulnerabilities, refer to the OpenSSL security announcement.

Status:

Affected Software Versions:

  • Puppet Enterprise 2.x
  • Puppet Enterprise 3.x
  • Puppet Agent 1.x
  • Puppet 3.7.x, 3.8.x (Windows only)

Resolved in:

  • Puppet Enterprise 3.8.1
  • Puppet Agent 1.1.1