Advisories » MGASA-2013-0308

Updated torque packages fix CVE-2013-4319

Publication date: 17 Oct 2013
Modification date: 17 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4319

Description

Updated torque package fixes security vulnerability:

A non-priviledged user who was able to run jobs or login to a node which ran
pbs_server or pbs_mom, could submit arbitrary jobs to a pbs_mom daemon to queue
and run the job, which would run as root (CVE-2013-4319).
                

References

• http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html
• http://www.debian.org/security/2013/dsa-2770
• https://bugs.mageia.org/show_bug.cgi?id=11421
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4319

SRPMS

2/core

• torque-2.5.12-1.1.mga2

3/core

• torque-4.1.5.1-1.1.mga3