| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Nov 2013 21:04:00 +0100 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDVSA-2013:268 ] torque -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:268 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : torque Date : November 19, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated torque packages fix security vulnerability: A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbs_server (CVE-2013-4495). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4495 http://advisories.mageia.org/MGASA-2013-0327.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 6f3908db1a327f6db92892fc3a943aac mbs1/x86_64/lib64torque2-4.1.5.1-1.1.mbs1.x86_64.rpm 5cd92b8a3236fd94d8df07fbcdd696a2 mbs1/x86_64/lib64torque-devel-4.1.5.1-1.1.mbs1.x86_64.rpm ace886ceb50a0c23088f74b8e9b04f17 mbs1/x86_64/torque-4.1.5.1-1.1.mbs1.x86_64.rpm 650ac91d9256061f7356b4d383669cf5 mbs1/x86_64/torque-client-4.1.5.1-1.1.mbs1.x86_64.rpm e5357ae4db5fe19096f9ce6a8f101b43 mbs1/x86_64/torque-gui-4.1.5.1-1.1.mbs1.x86_64.rpm 63f0d5a32e0b903ab48a27f43cc28158 mbs1/x86_64/torque-mom-4.1.5.1-1.1.mbs1.x86_64.rpm 47b5857882d5ea5870ece99f22cf6508 mbs1/x86_64/torque-sched-4.1.5.1-1.1.mbs1.x86_64.rpm cf173f08c5a4c6219e2d8b03cc7ab1ab mbs1/x86_64/torque-server-4.1.5.1-1.1.mbs1.x86_64.rpm c2f38649a61e45132bc6b85b591fc21e mbs1/SRPMS/torque-4.1.5.1-1.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSi5oFmqjQ0CJFipgRAr89AKDh2NAOj2irnt0Ltjbuz5a8CZmWawCg4DKK t1mijwE+VozttqLHv0/b5IE= =Pi2e -----END PGP SIGNATURE-----
Powered by blists - more mailing lists