Overview

PostgreSQL February 2015 Security Fixes

  • Posted April 28, 2015

  • Assessed Risk Level: Medium

On February 5th, the PostgreSQL project announced several security vulnerabilities in PostgreSQL. The impact of these vulnerabilities includes information leakage, denial of service, SQL injection, and possible privilege escalation. However, all of the vulnerabilities require prior database authentication.

Puppet Enterprise versions prior to 3.8.0 contained a vulnerable version of PostgreSQL. Puppet Enterprise 3.8.0 contains an updated version of PostgreSQL that has patched the vulnerabilities.

For more information about the PostgreSQL vulnerabilities, refer to the PostgreSQL security announcement.

Status:

Affected Software Versions:

  • Puppet Enterprise 3.x

Resolved in:

  • Puppet Enterprise 3.8.0