Hi Darin, Just to clarify - I believe SLES 11 was listed under the section "Operating Systems that are Not Vulnerable." Are you referring to a different document that has been posted?
On Thu, Apr 10, 2014 at 3:34 AM, Darin Perusich <da...@darins.net> wrote: > You've listed SLES 11 as vulnerable, it is not. However OpenSUSE 12.3 and > 13.1 are affected and patches have been released. > > http://support.novell.com/security/cve/CVE-2014-0160.html > http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html > > On Apr 10, 2014 1:22 AM, "Eric Sorenson" <eric.soren...@puppetlabs.com> > wrote: >> >> Like you, we are still learning about the full extent of the OpenSSL >> security bug dubbed Heartbleed, and what we need to do to help Puppet users >> remediate the vulnerability. We published step-by-step documentation for >> remediating yesterday >> [http://puppetlabs.com/blog/heartbleed-security-bug-update-puppet-users], >> and we will continue to update you as we learn more and develop new >> resources. >> >> We've finalized a list of vulnerable operating systems supported by Puppet >> Enterprise, noting the versions of OpenSSL they shipped with. If you are >> also running open source Puppet, be aware that the range of operating >> systems you can use is much wider, so not every vulnerable OS is on this >> list. >> >> Keep in mind, regardless of the OS involved, you must check whether you >> are running OpenSSL versions 1.0.1 and 1.0.2 on your systems. Both are >> vulnerable. >> >> Documentation for remediating the Heartbleed issue is linked below the >> lists. For more help, check out the Heartbleed and certificate discussions >> here on the email list >> Vulnerable Operating Systems and their versions of OpenSSL >> Debian Wheezy (stable) >> * OpenSSL 1.0.1e-2+deb7u4 >> Ubuntu 12.04.4 (precise) LTS >> * OpenSSL 1.0.1-4ubuntu5.11 >> RHEL / CentOS / Scientific 6.5 >> * OpenSSL 1.0.1e-15 >> Operating Systems that are Not Vulnerable >> * RHEL / CentOS / OEL / Scientific 6 (other than 6.5) >> * RHEL / CentOS / OEL / Scientific 5 (all versions) >> * RHEL / CentOS 4 >> * SLES 11 >> * AIX 5, 6, 7 >> * Solaris 10, 11 >> * Windows (all) >> * Debian Squeeze (old-stable) >> * Ubuntu 10.04 (Lucid) >> >> Step-by-Step Documentation for Remediating the Vulnerability >> >> Puppet Enterprise 3.x: Regenerating Certs and Security Credentials in >> Split Puppet Enterprise Deployments >> http://docs.puppetlabs.com/pe/3.2/trouble_regenerate_certs_split.html >> >> Puppet Enterprise 3.x: Regenerating Certs and Security Credentials in >> Monolithic Puppet Enterprise Deployments >> >> http://docs.puppetlabs.com/pe/latest/trouble_regenerate_certs_monolithic.html >> >> Puppet Enterprise 2.x: Regenerating Certs and Security Credentials in >> Split Puppet Enterprise Deployments >> http://docs.puppetlabs.com/pe/2.8/trouble_regenerate_certs_split.html >> >> Puppet Enterprise 2.x: Regenerating Certs and Security Credentials in >> Monolithic Puppet Enterprise Deployments >> http://docs.puppetlabs.com/pe/2.8/trouble_regenerate_certs_monolithic.html >> >> Puppet SSL: Regenerating All Certificates in a Puppet Deployment >> >> http://docs.puppetlabs.com/puppet/latest/reference/ssl_regenerate_certificates.html >> >> Eric Sorenson - eric.soren...@puppetlabs.com - freenode #puppet: eric0 >> puppet platform // coffee // techno // bicycles >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/86C75987-61F4-4205-AFF5-5AD25A7946F6%40puppetlabs.com. >> For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CADaviKtQGxn41o04-rFdfeU2ewFVAQkNPRrCqmr6OgfSaaTLqw%40mail.gmail.com. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2B421WaYfEyqi2LRRjfcwRxgkZyHc1XKfMWiVUyMTsoC-0fFUw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
