All Puppet Enterprise deployments are vulnerable, and Puppet open
source deployments may be, depending upon their site configuration.
We believe this to be a serious risk, and we have confirmed this with
security experts outside of Puppet Labs.
For more information we have the following resources:
* Blog Post with all the details:
* Security links and details:
* Remediation module:
As a result of this vulnerability (CVE-2011-3872) we have released new
version of Puppet.
We will be sending separate announcements about each of those releases.
Release Manager - Puppet Labs