-
Posted October 28, 2014 (updated November 11, 2014)
Assessed Risk Level: Medium
On October 14th, the OpenSSL project announced CVE-2014-3566, the POODLE attack vulnerability in the SSLv3 protocol. Fixes for this vulnerability disable SSLv3 protocol negotiation to prevent fallback to the insecure protocol.
Status:
Resolved in:
- Puppet Enterprise 3.7.0
- Manual remediation provided for Puppet Enterprise 3.3
- Puppet 3.7.2, Puppet-Server 0.3.0, PuppetDB 2.2, MCollective 2.6.1
- Users of Puppet Enterprise 3.3 who cannot upgrade can follow the remediation instructions in our impact assessment.