BugTraq
[ MDVSA-2013:268 ] torque Nov 19 2013 08:04PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:268
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : torque
Date : November 19, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated torque packages fix security vulnerability:

A user could submit executable shell commands on the tail of what is
passed with the -M switch for qsub. This was later passed to a pipe,
making it possible for these commands to be executed as root on the
pbs_server (CVE-2013-4495).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4495
http://advisories.mageia.org/MGASA-2013-0327.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
6f3908db1a327f6db92892fc3a943aac mbs1/x86_64/lib64torque2-4.1.5.1-1.1.mbs1.x86_64.rpm
5cd92b8a3236fd94d8df07fbcdd696a2 mbs1/x86_64/lib64torque-devel-4.1.5.1-1.1.mbs1.x86_64.rpm
ace886ceb50a0c23088f74b8e9b04f17 mbs1/x86_64/torque-4.1.5.1-1.1.mbs1.x86_64.rpm
650ac91d9256061f7356b4d383669cf5 mbs1/x86_64/torque-client-4.1.5.1-1.1.mbs1.x86_64.rpm
e5357ae4db5fe19096f9ce6a8f101b43 mbs1/x86_64/torque-gui-4.1.5.1-1.1.mbs1.x86_64.rpm
63f0d5a32e0b903ab48a27f43cc28158 mbs1/x86_64/torque-mom-4.1.5.1-1.1.mbs1.x86_64.rpm
47b5857882d5ea5870ece99f22cf6508 mbs1/x86_64/torque-sched-4.1.5.1-1.1.mbs1.x86_64.rpm
cf173f08c5a4c6219e2d8b03cc7ab1ab mbs1/x86_64/torque-server-4.1.5.1-1.1.mbs1.x86_64.rpm
c2f38649a61e45132bc6b85b591fc21e mbs1/SRPMS/torque-4.1.5.1-1.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSi5oFmqjQ0CJFipgRAr89AKDh2NAOj2irnt0Ltjbuz5a8CZmWawCg4DKK
t1mijwE+VozttqLHv0/b5IE=
=Pi2e
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus