1159360 – puppet: disable SSLv3 support in Puppet

Bug 1159360 - puppet: disable SSLv3 support in Puppet

Summary: puppet: disable SSLv3 support in Puppet

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	puppet
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	6.0 (Juno)
Assignee:	Martin Magr
QA Contact:	Jaroslav Henner
Docs Contact:
URL:
Whiteboard:
Depends On:	1159355
Blocks:	1159358 CVE-2014-3566, POODLE 1159356
TreeView+	depends on / blocked

Reported:	2014-10-31 16:26 UTC by Vasyl Kaigorodov
Modified:	2016-11-21 02:26 UTC (History)
CC List:	16 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1159355
Environment:
Last Closed:	2016-11-21 02:26:46 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Vasyl Kaigorodov 2014-10-31 16:26:05 UTC

+++ This bug was initially created as a clone of Bug #1159355 +++

Upstream has released a new version of Puppet, that disables SSLv3 protocol  negotiation to prevent fallback to the insecure protocol.

http://puppetlabs.com/security/cve/poodle-sslv3-vulnerability

Comment 5 Summer Long 2016-10-13 00:35:00 UTC

Whoa, this is OLD, but looks like it was never initially attached to the flaw (CVE-2014-3566). Fixed in puppet-3.7, so all the RHOSP versions except 10 (which uses 3.8) will need to be updated. I'll create the bugs. Thanks for the heads up.

Note You need to log in before you can comment on or make changes to this bug.