Advisories » MGASA-2014-0408

Updated torque packages fix CVE-2014-3684

Publication date: 09 Oct 2014
Modification date: 09 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3684

Description

Updated torque packages fix security vulnerabilities:

Chad Vizino reported that within a TORQUE Resource Manager job a non-root 
user could use a vulnerability in the tm_adopt() library call to kill 
processes
he/she doesn't own including root-owned ones on any node in a job 
(CVE-2014-3684).

This update implements the upstream fixes.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14226
• http://openwall.com/lists/oss-security/2014/10/02/45
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3684

SRPMS

4/core

• torque-4.1.6-4.1.mga4

3/core

• torque-4.1.5.1-1.3.mga3