Overview

OpenSSL September 2019 Security Fixes

  • Posted November 6, 2019

  • Assessed Risk Level: Low

On September 10, 2019, OpenSSL published security updates addressing several CVEs. Previous releases of Puppet Enterprise contain a vulnerable version of OpenSSL. Puppet Enterprise 2019.1.3 and 2018.1.11 contain an updated version of OpenSSL that has patched the vulnerabilities.

For more information about these vulnerabilities, refer to the OpenSSL security advisory.

Status:

Affected software versions:

  • Puppet Agent 5 versions prior to 5.5.17
  • Puppet Agent 6 versions prior to 6.4.4
  • Puppet Enterprise 2019.1 versions prior to 2019.1.3
  • Puppet Enterprise 2018.1 versions prior to 2018.1.11
  • PE Client Tools 18.1 versions prior to 18.1.12
  • PE Client Tools 19.1 versions prior to 19.1.5
  • Bolt versions prior to 1.32.0
  • PDK versions prior to 1.14.0.0

Resolved in:

  • Puppet Agent 5.5.17
  • Puppet Agent 6.4.4
  • Puppet Enterprise 2019.1.3
  • Puppet Enterprise 2018.1.11
  • PE Client Tools 18.1.12
  • PE Client Tools 19.1.5
  • Bolt 1.32.0
  • PDK 1.14.0.0