BugTraq
[ MDVSA-2013:252 ] torque Oct 18 2013 11:21AM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:252
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : torque
Date : October 18, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated torque package fixes security vulnerability:

A non-priviledged user who was able to run jobs or login to a node
which ran pbs_server or pbs_mom, could submit arbitrary jobs to a
pbs_mom daemon to queue and run the job, which would run as root
(CVE-2013-4319).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4319
http://advisories.mageia.org/MGASA-2013-0308.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
ecf9ba51010237b4eb662fe0b4009736 mbs1/x86_64/lib64torque2-4.1.5.1-1.mbs1.x86_64.rpm
a2fa7539e71ba552c1706af321e2c9be mbs1/x86_64/lib64torque-devel-4.1.5.1-1.mbs1.x86_64.rpm
5a6f150ecade9817b4fb033b5cf7ffc0 mbs1/x86_64/torque-4.1.5.1-1.mbs1.x86_64.rpm
013d06e3894b13f7ec70042fe0f5c4d2 mbs1/x86_64/torque-client-4.1.5.1-1.mbs1.x86_64.rpm
16cdc8bd8b1ba3cd5670f4c60d5af873 mbs1/x86_64/torque-gui-4.1.5.1-1.mbs1.x86_64.rpm
17b84ee3cb4dcd4f1303dd17b16a6640 mbs1/x86_64/torque-mom-4.1.5.1-1.mbs1.x86_64.rpm
d62544241ebe740ebe21cc67cd3f72b0 mbs1/x86_64/torque-sched-4.1.5.1-1.mbs1.x86_64.rpm
4e0d841242f7f27b597d38213ae1b70a mbs1/x86_64/torque-server-4.1.5.1-1.mbs1.x86_64.rpm
a9f9b6c2a113892387314513b1baeb79 mbs1/SRPMS/torque-4.1.5.1-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSYO96mqjQ0CJFipgRAkr3AKC6FwgxVJBdlVzk9CyRUR4KMkNn6gCg3ol3
ZYtHufvTpO+Pz4RRmMvO3X0=
=8qSe
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus