Two vulnerabilities have been found in MCollective, the worst of which could lead to privilege escalation.
|Package||app-admin/mcollective on all architectures|
|Affected versions||< 2.5.3|
|Unaffected versions||>= 2.5.3|
MCollective is a framework to build server orchestration or parallel job execution systems.
Two vulnerabilities have been found in MCollective:
A local attacker can execute arbitrary a Trojan horse shared library, potentially resulting in arbitrary code execution and privilege escalation. Furthermore, a local attacker may be able to establish unauthorized MCollective connections.
There is no known workaround at this time.
All MCollective users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/mcollective-2.5.3"