One correction: It was brought to our attention that the announcement referenced OpenSSL CVE-2013-6449. That was incorrect. The correct advisory is CVE-2013-6550, for more information, see http://puppetlabs.com/security/cve/cve-2013-6450.
On Thu, Jan 30, 2014 at 1:08 PM, Rob Braden <[email protected]> wrote: > Dear Puppet Enterprise Users, > > Puppet Enterprise 3.1.2 is now available. > > This is a bug fix and security release of Puppet Enterprise. All users of > Puppet Enterprise 3.x are encouraged to upgrade when possible to > Puppet Enterprise 3.1.2 > > Puppet Enterprise 3.1.2 includes fixes to address a regression in Puppet > Enterprise 3.1.1 where the unspecified default file mode in Puppet was set > to 0600 instead of 0644. > > Also included is an updated OpenSSL library to address CVE-2013-6449. > > For more information on this vulnerability, please visit > http://puppetlabs.com/security, or visit > http://puppetlabs.com/security/cve/cve-2013-6449 > > As a current Puppet Enterprise user, you can upgrade to this new version > as part of your annual subscription. If upgrading, it is recommended to > upgrade your master and console servers first. > > As always, we want to hear about your experiences with Puppet Enterprise. > > If you have any questions about upgrading, be sure to get in touch > with Puppet Labs Support. > > Thanks, > Rob Braden > Release Engineer > Puppet Labs > > *Join us at PuppetConf 2014, September 23-24 in San Francisco - * > http://bit.ly/pupconf14 > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANrW%3D%3D3UfbC_5aCEg3z4Y0SRo6ge4omuyJGzZN%2BgiZdLJYyCxg%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
