On November 9, 2017 Postgresql announced several vulnerabilities. Puppet Enterprise prior to 2016.4.10 and 2017.3.3 included a vulnerable version of Postgresql. Puppet Enterprise is not vulnerable to CVE-2017-15098. Puppet Enterprise 2016.4.10 and 2017.3.3 include an updated Postgresql to address CVE-2017-15099 and CVE-2017-12172.
For more information about this vulnerability, refer to the Postgresql’s security announcement(https://www.postgresql.org/about/news/1801/)
Affected software versions: