Overview

Postgresql November 2017 Security Fixes

  • Posted January 31, 2018

  • Assessed Risk Level: Medium

On November 9, 2017 Postgresql announced several vulnerabilities. Puppet Enterprise prior to 2016.4.10 and 2017.3.3 included a vulnerable version of Postgresql. Puppet Enterprise is not vulnerable to CVE-2017-15098. Puppet Enterprise 2016.4.10 and 2017.3.3 include an updated Postgresql to address CVE-2017-15099 and CVE-2017-12172.

For more information about this vulnerability, refer to the Postgresql’s security announcement(https://www.postgresql.org/about/news/1801/)

Status:

Affected software versions:

  • Puppet Enterprise versions prior to 2016.4.10
  • Puppet Enterprise versions prior to 2017.3.3

Resolved in:

  • Puppet Enterprise 2016.4.10
  • Puppet Enterprise 2017.3.3