Posted August 6, 2015
Assessed Risk Level: Medium
Earlier this year, the Libevent project announced a security vulnerability in the Libevent evbuffer APIs. Puppet Enterprise versions prior to 3.8.2 contained a vulnerable version of Libevent. Puppet Enterprise 3.8.2 contains an updated version of Libevent that has fixed the vulnerability.
For more information about the vulnerability, please refer to CVE-2014-6272 .
Affected Software Versions: