This repository has been archived by the owner on Jan 9, 2025. It is now read-only.

Bump puppet-agent's bundled openssl to address CVE-2024-5535 #872

Closed
cthorn42 opened this issue Jun 27, 2024 · 3 comments
Labels
bug Something isn't working triaged Jira issue has been created for this

Comments

@cthorn42
Collaborator

Details are listed here: https://www.openssl.org/news/secadv/20240627.txt
Highlights are:

  • rated low
  • haven't released a fix yet

Puppet-agent 7.31.0 has OpenSSL version 1.1.1v (patched of course) and puppet-agent 8.7.0 has OpenSSL version 3.0.13. When a fix for this CVE is released we should patch the former and upgrade the latter.

@cthorn42 cthorn42 added the maintenance Maintenance chores are typically excluded from changelogs label Jun 27, 2024
@joshcooper
Contributor

Should we move this issue to the puppet-runtime project since that's where the fix will land?

@joshcooper joshcooper added bug Something isn't working and removed maintenance Maintenance chores are typically excluded from changelogs labels Jun 28, 2024
@joshcooper joshcooper transferred this issue from puppetlabs/puppet Jul 3, 2024
@joshcooper joshcooper added the triaged Jira issue has been created for this label Jul 3, 2024

github-actions bot commented Jul 3, 2024

Migrated issue to PA-6699

@joshcooper joshcooper changed the title from "Bump puppet-agent's bundled Curl to address CVE-2024-553" to "Bump puppet-agent's bundled openssl to address CVE-2024-5535" Jul 3, 2024
@joshcooper joshcooper transferred this issue from puppetlabs/puppet-agent Jul 11, 2024
@joshcooper
Contributor

puppet 7/openssl 1.1.1 fixed in #899
puppet 8/openssl 3.0.x fixed in #894
