Hi Darin, Just to clarify - I believe SLES 11 was listed under the section "Operating Systems that are Not Vulnerable." Are you referring to a different document that has been posted?
On Thu, Apr 10, 2014 at 3:34 AM, Darin Perusich <[email protected]> wrote: > You've listed SLES 11 as vulnerable, it is not. However OpenSUSE 12.3 and > 13.1 are affected and patches have been released. > > http://support.novell.com/security/cve/CVE-2014-0160.html > http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html > > On Apr 10, 2014 1:22 AM, "Eric Sorenson" <[email protected]> > wrote: >> >> Like you, we are still learning about the full extent of the OpenSSL >> security bug dubbed Heartbleed, and what we need to do to help Puppet users >> remediate the vulnerability. We published step-by-step documentation for >> remediating yesterday >> [http://puppetlabs.com/blog/heartbleed-security-bug-update-puppet-users], >> and we will continue to update you as we learn more and develop new >> resources. >> >> We've finalized a list of vulnerable operating systems supported by Puppet >> Enterprise, noting the versions of OpenSSL they shipped with. If you are >> also running open source Puppet, be aware that the range of operating >> systems you can use is much wider, so not every vulnerable OS is on this >> list. >> >> Keep in mind, regardless of the OS involved, you must check whether you >> are running OpenSSL versions 1.0.1 and 1.0.2 on your systems. Both are >> vulnerable. >> >> Documentation for remediating the Heartbleed issue is linked below the >> lists. For more help, check out the Heartbleed and certificate discussions >> here on the email list >> Vulnerable Operating Systems and their versions of OpenSSL >> Debian Wheezy (stable) >> * OpenSSL 1.0.1e-2+deb7u4 >> Ubuntu 12.04.4 (precise) LTS >> * OpenSSL 1.0.1-4ubuntu5.11 >> RHEL / CentOS / Scientific 6.5 >> * OpenSSL 1.0.1e-15 >> Operating Systems that are Not Vulnerable >> * RHEL / CentOS / OEL / Scientific 6 (other than 6.5) >> * RHEL / CentOS / OEL / Scientific 5 (all versions) >> * RHEL / CentOS 4 >> * SLES 11 >> * AIX 5, 6, 7 >> * Solaris 10, 11 >> * Windows (all) >> * Debian Squeeze (old-stable) >> * Ubuntu 10.04 (Lucid) >> >> Step-by-Step Documentation for Remediating the Vulnerability >> >> Puppet Enterprise 3.x: Regenerating Certs and Security Credentials in >> Split Puppet Enterprise Deployments >> http://docs.puppetlabs.com/pe/3.2/trouble_regenerate_certs_split.html >> >> Puppet Enterprise 3.x: Regenerating Certs and Security Credentials in >> Monolithic Puppet Enterprise Deployments >> >> http://docs.puppetlabs.com/pe/latest/trouble_regenerate_certs_monolithic.html >> >> Puppet Enterprise 2.x: Regenerating Certs and Security Credentials in >> Split Puppet Enterprise Deployments >> http://docs.puppetlabs.com/pe/2.8/trouble_regenerate_certs_split.html >> >> Puppet Enterprise 2.x: Regenerating Certs and Security Credentials in >> Monolithic Puppet Enterprise Deployments >> http://docs.puppetlabs.com/pe/2.8/trouble_regenerate_certs_monolithic.html >> >> Puppet SSL: Regenerating All Certificates in a Puppet Deployment >> >> http://docs.puppetlabs.com/puppet/latest/reference/ssl_regenerate_certificates.html >> >> Eric Sorenson - [email protected] - freenode #puppet: eric0 >> puppet platform // coffee // techno // bicycles >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/86C75987-61F4-4205-AFF5-5AD25A7946F6%40puppetlabs.com. >> For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CADaviKtQGxn41o04-rFdfeU2ewFVAQkNPRrCqmr6OgfSaaTLqw%40mail.gmail.com. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2B421WaYfEyqi2LRRjfcwRxgkZyHc1XKfMWiVUyMTsoC-0fFUw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
