You've listed SLES 11 as vulnerable, it is not. However OpenSUSE 12.3 and 13.1 are affected and patches have been released.
http://support.novell.com/security/cve/CVE-2014-0160.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html On Apr 10, 2014 1:22 AM, "Eric Sorenson" <[email protected]> wrote: > Like you, we are still learning about the full extent of the OpenSSL > security bug dubbed Heartbleed, and what we need to do to help Puppet users > remediate the vulnerability. We published step-by-step documentation for > remediating yesterday [ > http://puppetlabs.com/blog/heartbleed-security-bug-update-puppet-users], > and we will continue to update you as we learn more and develop new > resources. > > We've finalized a list of vulnerable operating systems supported by Puppet > Enterprise, noting the versions of OpenSSL they shipped with. If you are > also running open source Puppet, be aware that the range of operating > systems you can use is much wider, so not every vulnerable OS is on this > list. > > Keep in mind, regardless of the OS involved, you must check whether you > are running OpenSSL versions 1.0.1 and 1.0.2 on your systems. Both are > vulnerable. > > Documentation for remediating the Heartbleed issue is linked below the > lists. For more help, check out the Heartbleed and certificate discussions > here on the email list > Vulnerable Operating Systems and their versions of OpenSSL > Debian Wheezy (stable) > * OpenSSL 1.0.1e-2+deb7u4 > Ubuntu 12.04.4 (precise) LTS > * OpenSSL 1.0.1-4ubuntu5.11 > RHEL / CentOS / Scientific 6.5 > * OpenSSL 1.0.1e-15 > Operating Systems that are Not Vulnerable > * RHEL / CentOS / OEL / Scientific 6 (other than 6.5) > * RHEL / CentOS / OEL / Scientific 5 (all versions) > * RHEL / CentOS 4 > * SLES 11 > * AIX 5, 6, 7 > * Solaris 10, 11 > * Windows (all) > * Debian Squeeze (old-stable) > * Ubuntu 10.04 (Lucid) > > Step-by-Step Documentation for Remediating the Vulnerability > > Puppet Enterprise 3.x: Regenerating Certs and Security Credentials in > Split Puppet Enterprise Deployments > http://docs.puppetlabs.com/pe/3.2/trouble_regenerate_certs_split.html > > Puppet Enterprise 3.x: Regenerating Certs and Security Credentials in > Monolithic Puppet Enterprise Deployments > > http://docs.puppetlabs.com/pe/latest/trouble_regenerate_certs_monolithic.html > > Puppet Enterprise 2.x: Regenerating Certs and Security Credentials in > Split Puppet Enterprise Deployments > http://docs.puppetlabs.com/pe/2.8/trouble_regenerate_certs_split.html > > Puppet Enterprise 2.x: Regenerating Certs and Security Credentials in > Monolithic Puppet Enterprise Deployments > http://docs.puppetlabs.com/pe/2.8/trouble_regenerate_certs_monolithic.html > > Puppet SSL: Regenerating All Certificates in a Puppet Deployment > > http://docs.puppetlabs.com/puppet/latest/reference/ssl_regenerate_certificates.html > > Eric Sorenson - [email protected] - freenode #puppet: eric0 > puppet platform // coffee // techno // bicycles > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/86C75987-61F4-4205-AFF5-5AD25A7946F6%40puppetlabs.com > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADaviKtQGxn41o04-rFdfeU2ewFVAQkNPRrCqmr6OgfSaaTLqw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
