Announce: Mcollective 2.5.2 [ Security Release ]
11 views
Skip to first unread message
Moses Mendoza
Jun 10, 2014, 2:17:53 PM6/10/14
to puppet-...@googlegroups.com, puppet...@googlegroups.com, puppe...@googlegroups.com
Mcollective 2.5.2 is a security fix release in the Mcollective 2.5
series. This release addresses CVE-2014-3248. It has no other bug
fixes or new features. All users of Mcollective 2.5.1 and earlier are
encouraged to update to 2.5.2.
** CVE-2014-3248 **
Arbitrary Code Execution with Required Social Engineering
An attacker could convince an administrator to unknowingly create and
execute malicious code on platforms with Ruby 1.9.1 and earlier.
CVSSv2 Score: 5.2
Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
Affected Mcollective versions (ruby 1.9.1 and earlier only):
All
Fixed Mcollective versions:
2.5.2
For more information on this vulnerability, please visit
https://puppetlabs.com/security/cve/cve-2014-3248
To report issues with the release, file a ticket in the "MCO" project
on http://tickets.puppetlabs.com/ and set the "Affects version/s"
field to "2.5.2"
--
Moses Mendoza
Puppet Labs
Join us at PuppetConf 2014, September 20-24 in San Francisco
Register by July 31st to take advantage of the Early Bird discount —save $249!
series. This release addresses CVE-2014-3248. It has no other bug
fixes or new features. All users of Mcollective 2.5.1 and earlier are
encouraged to update to 2.5.2.
** CVE-2014-3248 **
Arbitrary Code Execution with Required Social Engineering
An attacker could convince an administrator to unknowingly create and
execute malicious code on platforms with Ruby 1.9.1 and earlier.
CVSSv2 Score: 5.2
Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
Affected Mcollective versions (ruby 1.9.1 and earlier only):
All
Fixed Mcollective versions:
2.5.2
For more information on this vulnerability, please visit
https://puppetlabs.com/security/cve/cve-2014-3248
To report issues with the release, file a ticket in the "MCO" project
on http://tickets.puppetlabs.com/ and set the "Affects version/s"
field to "2.5.2"
--
Moses Mendoza
Puppet Labs
Join us at PuppetConf 2014, September 20-24 in San Francisco
Register by July 31st to take advantage of the Early Bird discount —save $249!
Reply all
Reply to author
Forward
0 new messages