[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VirWj-0002iY-0a@titan.mandriva.com>
Date: Tue, 19 Nov 2013 21:04:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:268 ] torque
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:268
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : torque
Date : November 19, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated torque packages fix security vulnerability:
A user could submit executable shell commands on the tail of what is
passed with the -M switch for qsub. This was later passed to a pipe,
making it possible for these commands to be executed as root on the
pbs_server (CVE-2013-4495).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4495
http://advisories.mageia.org/MGASA-2013-0327.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
6f3908db1a327f6db92892fc3a943aac mbs1/x86_64/lib64torque2-4.1.5.1-1.1.mbs1.x86_64.rpm
5cd92b8a3236fd94d8df07fbcdd696a2 mbs1/x86_64/lib64torque-devel-4.1.5.1-1.1.mbs1.x86_64.rpm
ace886ceb50a0c23088f74b8e9b04f17 mbs1/x86_64/torque-4.1.5.1-1.1.mbs1.x86_64.rpm
650ac91d9256061f7356b4d383669cf5 mbs1/x86_64/torque-client-4.1.5.1-1.1.mbs1.x86_64.rpm
e5357ae4db5fe19096f9ce6a8f101b43 mbs1/x86_64/torque-gui-4.1.5.1-1.1.mbs1.x86_64.rpm
63f0d5a32e0b903ab48a27f43cc28158 mbs1/x86_64/torque-mom-4.1.5.1-1.1.mbs1.x86_64.rpm
47b5857882d5ea5870ece99f22cf6508 mbs1/x86_64/torque-sched-4.1.5.1-1.1.mbs1.x86_64.rpm
cf173f08c5a4c6219e2d8b03cc7ab1ab mbs1/x86_64/torque-server-4.1.5.1-1.1.mbs1.x86_64.rpm
c2f38649a61e45132bc6b85b591fc21e mbs1/SRPMS/torque-4.1.5.1-1.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSi5oFmqjQ0CJFipgRAr89AKDh2NAOj2irnt0Ltjbuz5a8CZmWawCg4DKK
t1mijwE+VozttqLHv0/b5IE=
=Pi2e
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists