Advisories » MGASA-2013-0327

Updated torque packages fix CVE-2013-4495

Publication date: 18 Nov 2013
Modification date: 18 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4495

Description

Updated torque packages fix security vulnerability:

A user could submit executable shell commands on the tail of what is passed
with the -M switch for qsub. This was later passed to a pipe, making it
possible for these commands to be executed as root on the pbs_server
(CVE-2013-4495).
                

References

• http://www.supercluster.org/pipermail/torqueusers/2013-November/016425.html
• http://www.debian.org/security/2013/dsa-2796
• https://bugs.mageia.org/show_bug.cgi?id=11670
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4495

SRPMS

3/core

• torque-4.1.5.1-1.2.mga3

2/core

• torque-2.5.12-1.2.mga2