Posted April 28, 2015
Assessed Risk Level: Medium
On February 5th, the PostgreSQL project announced several security vulnerabilities in PostgreSQL. The impact of these vulnerabilities includes information leakage, denial of service, SQL injection, and possible privilege escalation. However, all of the vulnerabilities require prior database authentication.
Puppet Enterprise versions prior to 3.8.0 contained a vulnerable version of PostgreSQL.
Puppet Enterprise 3.8.0 contains an updated version of PostgreSQL that has patched the vulnerabilities.
For more information about the PostgreSQL vulnerabilities, refer to the PostgreSQL security announcement.
Affected Software Versions: