Is it ok if I just upgrade puppetmaster to 2.6.12 and keep using the old puppet.conf with certdnsnames?

The certdnsnames have been abandoned in favor of a new option: http://docs.puppetlabs.com/references/stable/configuration.html#certdnsnames

And if your current client certificates contain a master altSubjectName, you need to roll out a new (from the ground up) CA. Otherwise you're still subject to a possible attack with old certs.

The notes released by puppetlabs are quite detailed about that: http://puppetlabs.com/security/cve/cve-2011-3872/

Unfortunately, if you are affected, this issue is *not* fixed by simply updating a package.

~pete
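
One way to check for the condition the reply describes (agent certificates that carry a master name as a DNS subjectAltName), as an added example that is not part of the original thread or of Puppet Labs' tooling. The directory path, the master names and the sample certificate text are assumptions; only `openssl x509 -in ... -noout -text` is used to read each certificate.

```shell
#!/bin/sh
# Added example: find signed certificates whose subjectAltName carries a master name.

# Read `openssl x509 -noout -text` output on stdin and print each DNS
# subjectAltName value, lower-cased, one per line.
san_dns_names() {
    awk '/X509v3 Subject Alternative Name/ {
        getline
        n = split($0, a, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", a[i])
            if (a[i] ~ /^DNS:/) print tolower(substr(a[i], 5))
        }
    }'
}

# Read DNS names on stdin; succeed if one equals a master name given as an
# argument (pass the master names in lower case).
matches_master() {
    while IFS= read -r name; do
        for m in "$@"; do
            if [ "$name" = "$m" ]; then return 0; fi
        done
    done
    return 1
}

# audit_signed_dir DIR MASTER_NAME...
# Print every PEM certificate in DIR that carries a master name. The master's
# own certificate is expected in the output; any agent certificate is not.
audit_signed_dir() {
    dir=$1; shift
    for pem in "$dir"/*.pem; do
        [ -f "$pem" ] || continue
        if openssl x509 -in "$pem" -noout -text 2>/dev/null \
            | san_dns_names | matches_master "$@"; then
            printf '%s\n' "$pem"
        fi
    done
}

# Constructed sample of the relevant `openssl x509 -text` lines (not a real cert).
sample_affected() {
    printf '%s\n' '            X509v3 Subject Alternative Name:' \
        '                DNS:puppet, DNS:puppet.example.com, DNS:agent01.example.com'
}

# Usage (directory and names are assumptions; substitute your own):
#   audit_signed_dir /path/to/ca/signed puppet puppet.example.com
```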
