On December 7, 2017 OpenSSL announced several vulnerabilities.
Previous versions of Puppet Enterprise shipped with a vulnerable version of OpenSSL. Puppet Enterprise 2016.4.10 and 2017.3.3 contain and updated version of OpenSSL which has addressed these vulnerabilities.
For more information about this vulnerability, refer to the OpenSSL vulnerability release notes. (https://www.openssl.org/news/secadv/20171102.txt and https://www.openssl.org/news/secadv/20171207.txt)
Affected software versions: