Ask Your Question
1

alert security CVE-2013-6450

asked 2014-02-03 11:23:53 -0500

stanislas93 gravatar image

updated 2014-02-04 11:57:19 -0500

ramindk gravatar image

Hi,

I would like to know if the alert security : CVE-2013-6450 (Potential denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.) Is it only Puppet Enterprise or Puppet open source too?

regards

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2014-02-04 12:25:30 -0500

ramindk gravatar image

Your system Ruby most likely links against the Openssl your distro ships. It appears that Puppet Enterprise ships its own build of openssl which is why a new PE package was released. If you're an open source user, you can update openssl and restart Puppet.

Here's an example with the Ruby versions I have within rvm. libssl are the shared openssl libs.

locate openssl.so
  /home/ramindk/.rvm/rubies/ruby-1.8.7-p374/lib/ruby/1.8/x86_64-linux/openssl.so
  /home/ramindk/.rvm/rubies/ruby-1.9.3-p448/lib/ruby/1.9.1/x86_64-linux/openssl.so
  /home/ramindk/.rvm/rubies ...
(more)
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2014-02-03 11:23:53 -0500

Seen: 36 times

Last updated: Feb 04 '14