First published: Wed Mar 20 2013(Updated: )
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Puppet Puppet | =2.7.2 | |
Puppet Puppet | =2.7.3 | |
Puppet Puppet | =2.7.4 | |
Puppet Puppet | =2.7.5 | |
Puppet Puppet | =2.7.6 | |
Puppet Puppet | =2.7.7 | |
Puppet Puppet | =2.7.8 | |
Puppet Puppet | =2.7.9 | |
Puppet Puppet | =2.7.10 | |
Puppet Puppet | =2.7.11 | |
Puppet Puppet | =2.7.12 | |
Puppet Puppet | =2.7.13 | |
Puppet Puppet | =2.7.14 | |
Puppet Puppet | =2.7.16 | |
Puppet Puppet | =2.7.17 | |
Puppet Puppet | =2.7.18 | |
Puppetlabs Puppet | =2.7.0 | |
Puppetlabs Puppet | =2.7.1 | |
Puppetlabs Puppet | =2.7.19 | |
Puppetlabs Puppet | =2.7.20 | |
Puppetlabs Puppet | =2.7.20-rc1 | |
Puppet Puppet Enterprise | =3.1.0 | |
Puppetlabs Puppet | =2.7.0 | |
Puppetlabs Puppet | =2.7.1 | |
Canonical Ubuntu Linux | =11.10 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =12.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.