Ask Your Question

alert security CVE-2013-6450

asked 2014-02-03 11:23:53 -0500

stanislas93 gravatar image

updated 2014-02-04 11:57:19 -0500

ramindk gravatar image


I would like to know if the alert security : CVE-2013-6450 (Potential denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.) Is it only Puppet Enterprise or Puppet open source too?


edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2014-02-04 12:25:30 -0500

ramindk gravatar image

Your system Ruby most likely links against the Openssl your distro ships. It appears that Puppet Enterprise ships its own build of openssl which is why a new PE package was released. If you're an open source user, you can update openssl and restart Puppet.

Here's an example with the Ruby versions I have within rvm. libssl are the shared openssl libs.

  /home/ramindk/.rvm/rubies ...
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2014-02-03 11:23:53 -0500

Seen: 40 times

Last updated: Feb 04 '14