CVE-2014-3566 - POODLE SSLv3 Vulnerability

  • Posted October 28, 2014 (updated November 11, 2014)

    Assessed Risk Level: Medium

On October 14th, the OpenSSL project announced CVE-2014-3566, the POODLE attack vulnerability in the SSLv3 protocol. Fixes for this vulnerability disable SSLv3 protocol negotiation to prevent fallback to the insecure protocol.


Resolved in:

  • Puppet Enterprise 3.7.0
  • Manual remediation provided for Puppet Enterprise 3.3
  • Puppet 3.7.2, Puppet-Server 0.3.0, PuppetDB 2.2, MCollective 2.6.1
  • Users of Puppet Enterprise 3.3 who cannot upgrade can follow the remediation instructions in our impact assessment.