On February 11, 2016 PostgreSQL announced CVE-2016-0773 addressing a vulnerability in regular expression parsing.
Puppet Enterprise 2015.x and 3.8.x contained a vulnerable version of PostgreSQL that allows for a Denial of Service attacks against PuppetDB and the Puppet Enterprise console. Puppet Enterprise 2015.3.3 includes an updated version of PostgreSQL to address this vulnerability.
For more information about the vulnerability, please refer to the PostgreSQL security announcement (http://www.postgresql.org/about/news/1644/).
Affected Software Versions: