Advisories ยป MGASA-2014-0408

Updated torque packages fix CVE-2014-3684

Publication date: 09 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3684

Description

Updated torque packages fix security vulnerabilities:

Chad Vizino reported that within a TORQUE Resource Manager job a non-root 
user could use a vulnerability in the tm_adopt() library call to kill 
processes
he/she doesn't own including root-owned ones on any node in a job 
(CVE-2014-3684).

This update implements the upstream fixes.
                

References

SRPMS

3/core

4/core