Mcollective 2.5.2 is a security fix release in the Mcollective 2.5 series. This release addresses CVE-2014-3248. It has no other bug fixes or new features. All users of Mcollective 2.5.1 and earlier are encouraged to update to 2.5.2.
** CVE-2014-3248 ** Arbitrary Code Execution with Required Social Engineering An attacker could convince an administrator to unknowingly create and execute malicious code on platforms with Ruby 1.9.1 and earlier. CVSSv2 Score: 5.2 Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C Affected Mcollective versions (ruby 1.9.1 and earlier only): All Fixed Mcollective versions: 2.5.2 For more information on this vulnerability, please visit https://puppetlabs.com/security/cve/cve-2014-3248 To report issues with the release, file a ticket in the "MCO" project on http://tickets.puppetlabs.com/ and set the "Affects version/s" field to "2.5.2" -- Moses Mendoza Puppet Labs Join us at PuppetConf 2014, September 20-24 in San Francisco Register by July 31st to take advantage of the Early Bird discount —save $249! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2B421WYRKKgsMLpBDnUWKGU0bru8c0%3Dja-X5%3DBovx_pffPaGcg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
