1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2796-1] torque security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Nov 13 20:40:01 2013
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2796-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 13, 2013 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : torque
    Vulnerability : arbitrary code execution
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2013-4495
    Debian Bug : 729333

    Matt Ezell from Oak Ridge National Labs reported a vulnerability in
    torque, a PBS-derived batch processing queueing system.

    A user could submit executable shell commands on the tail of what is
    passed with the -M switch for qsub. This was later passed to a pipe,
    making it possible for these commands to be executed as root on the
    pbs_server.

    For the oldstable distribution (squeeze), this problem has been fixed in version 2.4.8+dfsg-9squeeze3.

    For the stable distribution (wheezy), this problem has been fixed in
    version 2.4.16+dfsg-1+deb7u2.

    For the unstable distribution (sid), this problem has been fixed in
    version 2.4.16+dfsg-1.3.

    We recommend that you upgrade your torque packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.15 (GNU/Linux)

    iQIcBAEBCgAGBQJSg9JgAAoJEAVMuPMTQ89EqOIP/Au7xN2tw30qBBOtnlyDxonv Dqn5FxfAyxvsrBuD4uB4wOELNR8UiqHn1xWcRBLHTP5DJonhAHMH3VeCFJIjfj0a vUcnzu0SnChvrT1OaZEF7M7RzOzT03ylSKwA5ED6U7ZuXOPqWPSXI+hzDhjLuThf S6hrw4yAc9RI6uoMQIK5HHbPf8EwjhO+ep/cXPH7KizCw64xdpqBrkEqNvPS851C m7CjfiGp2nOMLcdr0MUA62P/tRn9PYcCrNLcVge+2TXAtZ4gWctCxd3iud4R8Abt EYnzv8uckW1/yhTyd4l2wc5U34Xbf6O6ZbuQwt9ZzF/s4XNCaX26BLcwTNWYYOmy +YnRW+QqBsiTXIS3W2uTW9w93iwgkP7t087tZx6enllxplqkkI8GNX7bWNXA2lcY iQuCLfxzsNYkhNiGkuf4NgglUbcMEw4D8V4vuHoTAVSwemLLY2ghkwSCLW1ZUHTb wI0gDJPSFp10Z3CORSHJghFX5LH25HgrKDJ4S0Waz5WjBRT21r4Li/bsYHGOMht2 jAyQ3H1Ahfk4KK/IKu5V/q6UoYMtX5On2ozCfTdUa/fLvvQHzDj6zHLmWa+ob3Xg yH+T0Fsj+laxky1N+QeYnN2uMPiAsxKsR1RLvoZk2dniStdldkwR37Pmv9jlFjnf RFqk8VMbBlX9kb5qxPdq
    =z3T1
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)