OpenSSL September 2016 Security Fixes

  • Posted October 20, 2016

  • Assessed Risk Level: High

On September 22, 2016, OpenSSL announced several vulnerabilities

Previous versions of Puppet Enterprise shipped with a vulnerable version of OpenSSL. Puppet Enterprise 2016.4.0 ships with an updated version of OpenSSL

For more information about these vulnerabilities, please refer to the OpenSSL security announcement (https://www.openssl.org/news/secadv/20160922.txt)


Affected Software Versions:

  • Puppet Enterprise prior to 2016.4.0
  • Puppet Agent prior to 1.7.1

Resolved in:

  • Puppet Enterprise 2016.4.0
  • Puppet Enterprise 3.8.7
  • Puppet Agent 1.7.1