Eric Sorenson
2014-Apr-10 05:22 UTC
[Puppet Users] Heartbleed and Puppet-Supported Operating Systems
Like you, we are still learning about the full extent of the OpenSSL security bug dubbed Heartbleed, and what we need to do to help Puppet users remediate the vulnerability. We published step-by-step documentation for remediating yesterday [http://puppetlabs.com/blog/heartbleed-security-bug-update-puppet-users], and we will continue to update you as we learn more and develop new resources. We've finalized a list of vulnerable operating systems supported by Puppet Enterprise, noting the versions of OpenSSL they shipped with. If you are also running open source Puppet, be aware that the range of operating systems you can use is much wider, so not every vulnerable OS is on this list. Keep in mind, regardless of the OS involved, you must check whether you are running OpenSSL versions 1.0.1 and 1.0.2 on your systems. Both are vulnerable. Documentation for remediating the Heartbleed issue is linked below the lists. For more help, check out the Heartbleed and certificate discussions here on the email list Vulnerable Operating Systems and their versions of OpenSSL Debian Wheezy (stable) * OpenSSL 1.0.1e-2+deb7u4 Ubuntu 12.04.4 (precise) LTS * OpenSSL 1.0.1-4ubuntu5.11 RHEL / CentOS / Scientific 6.5 * OpenSSL 1.0.1e-15 Operating Systems that are Not Vulnerable * RHEL / CentOS / OEL / Scientific 6 (other than 6.5) * RHEL / CentOS / OEL / Scientific 5 (all versions) * RHEL / CentOS 4 * SLES 11 * AIX 5, 6, 7 * Solaris 10, 11 * Windows (all) * Debian Squeeze (old-stable) * Ubuntu 10.04 (Lucid) Step-by-Step Documentation for Remediating the Vulnerability Puppet Enterprise 3.x: Regenerating Certs and Security Credentials in Split Puppet Enterprise Deployments http://docs.puppetlabs.com/pe/3.2/trouble_regenerate_certs_split.html Puppet Enterprise 3.x: Regenerating Certs and Security Credentials in Monolithic Puppet Enterprise Deployments http://docs.puppetlabs.com/pe/latest/trouble_regenerate_certs_monolithic.html Puppet Enterprise 2.x: Regenerating Certs and Security Credentials in Split Puppet Enterprise Deployments http://docs.puppetlabs.com/pe/2.8/trouble_regenerate_certs_split.html Puppet Enterprise 2.x: Regenerating Certs and Security Credentials in Monolithic Puppet Enterprise Deployments http://docs.puppetlabs.com/pe/2.8/trouble_regenerate_certs_monolithic.html Puppet SSL: Regenerating All Certificates in a Puppet Deployment http://docs.puppetlabs.com/puppet/latest/reference/ssl_regenerate_certificates.html Eric Sorenson - eric.sorenson@puppetlabs.com - freenode #puppet: eric0 puppet platform // coffee // techno // bicycles -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/86C75987-61F4-4205-AFF5-5AD25A7946F6%40puppetlabs.com. For more options, visit https://groups.google.com/d/optout.