drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in torque
Name: |
Mangelnde Rechteprüfung in torque |
|
ID: |
MDVSA-2013:252 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva Business Server 1.0 |
|
Datum: |
Fr, 18. Oktober 2013, 16:05 |
|
Referenzen: |
http://advisories.mageia.org/MGASA-2013-0308.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4319 |
|
Applikationen: |
TORQUE Resource Manager |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1382095479-2618-7
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:252 http://www.mandriva.com/en/support/security/ _______________________________________________________________________
Package : torque Date : October 18, 2013 Affected: Business Server 1.0 _______________________________________________________________________
Problem Description:
Updated torque package fixes security vulnerability: A non-priviledged user who was able to run jobs or login to a node which ran pbs_server or pbs_mom, could submit arbitrary jobs to a pbs_mom daemon to queue and run the job, which would run as root (CVE-2013-4319). _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4319 http://advisories.mageia.org/MGASA-2013-0308.html _______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64: ecf9ba51010237b4eb662fe0b4009736 mbs1/x86_64/lib64torque2-4.1.5.1-1.mbs1.x86_64.rpm a2fa7539e71ba552c1706af321e2c9be mbs1/x86_64/lib64torque-devel-4.1.5.1-1.mbs1.x86_64.rpm 5a6f150ecade9817b4fb033b5cf7ffc0 mbs1/x86_64/torque-4.1.5.1-1.mbs1.x86_64.rpm 013d06e3894b13f7ec70042fe0f5c4d2 mbs1/x86_64/torque-client-4.1.5.1-1.mbs1.x86_64.rpm 16cdc8bd8b1ba3cd5670f4c60d5af873 mbs1/x86_64/torque-gui-4.1.5.1-1.mbs1.x86_64.rpm 17b84ee3cb4dcd4f1303dd17b16a6640 mbs1/x86_64/torque-mom-4.1.5.1-1.mbs1.x86_64.rpm d62544241ebe740ebe21cc67cd3f72b0 mbs1/x86_64/torque-sched-4.1.5.1-1.mbs1.x86_64.rpm 4e0d841242f7f27b597d38213ae1b70a mbs1/x86_64/torque-server-4.1.5.1-1.mbs1.x86_64.rpm a9f9b6c2a113892387314513b1baeb79 mbs1/SRPMS/torque-4.1.5.1-1.mbs1.src.rpm _______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSYO96mqjQ0CJFipgRAkr3AKC6FwgxVJBdlVzk9CyRUR4KMkNn6gCg3ol3 ZYtHufvTpO+Pz4RRmMvO3X0= =8qSe -----END PGP SIGNATURE-----
------------=_1382095479-2618-7 Content-Type: text/plain; charset="UTF-8"; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://store.mandriva.com _______________________________________________________
------------=_1382095479-2618-7--
|
|
|
|