lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VirWi-0002iQ-KZ@titan.mandriva.com>
Date: Tue, 19 Nov 2013 21:04:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2013:268 ] torque

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:268
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : torque
 Date    : November 19, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated torque packages fix security vulnerability:
 
 A user could submit executable shell commands on the tail of what is
 passed with the -M switch for qsub. This was later passed to a pipe,
 making it possible for these commands to be executed as root on the
 pbs_server (CVE-2013-4495).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4495
 http://advisories.mageia.org/MGASA-2013-0327.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 6f3908db1a327f6db92892fc3a943aac  mbs1/x86_64/lib64torque2-4.1.5.1-1.1.mbs1.x86_64.rpm
 5cd92b8a3236fd94d8df07fbcdd696a2  mbs1/x86_64/lib64torque-devel-4.1.5.1-1.1.mbs1.x86_64.rpm
 ace886ceb50a0c23088f74b8e9b04f17  mbs1/x86_64/torque-4.1.5.1-1.1.mbs1.x86_64.rpm
 650ac91d9256061f7356b4d383669cf5  mbs1/x86_64/torque-client-4.1.5.1-1.1.mbs1.x86_64.rpm
 e5357ae4db5fe19096f9ce6a8f101b43  mbs1/x86_64/torque-gui-4.1.5.1-1.1.mbs1.x86_64.rpm
 63f0d5a32e0b903ab48a27f43cc28158  mbs1/x86_64/torque-mom-4.1.5.1-1.1.mbs1.x86_64.rpm
 47b5857882d5ea5870ece99f22cf6508  mbs1/x86_64/torque-sched-4.1.5.1-1.1.mbs1.x86_64.rpm
 cf173f08c5a4c6219e2d8b03cc7ab1ab  mbs1/x86_64/torque-server-4.1.5.1-1.1.mbs1.x86_64.rpm 
 c2f38649a61e45132bc6b85b591fc21e  mbs1/SRPMS/torque-4.1.5.1-1.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSi5oFmqjQ0CJFipgRAr89AKDh2NAOj2irnt0Ltjbuz5a8CZmWawCg4DKK
t1mijwE+VozttqLHv0/b5IE=
=Pi2e
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ