Overview

CVE-2014-3566 - POODLE SSLv3 Vulnerability

Posted October 28, 2014 (updated November 11, 2014)

Assessed Risk Level: Medium

On October 14th, the OpenSSL project announced CVE-2014-3566, the POODLE attack vulnerability in the SSLv3 protocol. Fixes for this vulnerability disable SSLv3 protocol negotiation to prevent fallback to the insecure protocol.

Status:

Resolved in:

Puppet Enterprise 3.7.0
Manual remediation provided for Puppet Enterprise 3.3
Puppet 3.7.2, Puppet-Server 0.3.0, PuppetDB 2.2, MCollective 2.6.1
Users of Puppet Enterprise 3.3 who cannot upgrade can follow the remediation instructions in our impact assessment.

Overview

CVE-2014-3566 - POODLE SSLv3 Vulnerability

Posted October 28, 2014 (updated November 11, 2014)

Assessed Risk Level: Medium

Status: