Advisories ยป MGASA-2013-0327

Updated torque packages fix CVE-2013-4495

Publication date: 18 Nov 2013
Modification date: 18 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4495

Description

Updated torque packages fix security vulnerability:

A user could submit executable shell commands on the tail of what is passed
with the -M switch for qsub. This was later passed to a pipe, making it
possible for these commands to be executed as root on the pbs_server
(CVE-2013-4495).
                

References

SRPMS

2/core

3/core