User: Password:
Subscribe / Log in / New account

Mandriva alert MDVSA-2013:268 (torque)

Subject:  [Security Announce] [ MDVSA-2013:268 ] torque
Date:  Tue, 19 Nov 2013 21:04:00 +0100
Message-ID:  <>
Archive-link:  Article, Thread

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:268 _______________________________________________________________________ Package : torque Date : November 19, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated torque packages fix security vulnerability: A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbs_server (CVE-2013-4495). _______________________________________________________________________ References: _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 6f3908db1a327f6db92892fc3a943aac mbs1/x86_64/lib64torque2- 5cd92b8a3236fd94d8df07fbcdd696a2 mbs1/x86_64/lib64torque-devel- ace886ceb50a0c23088f74b8e9b04f17 mbs1/x86_64/torque- 650ac91d9256061f7356b4d383669cf5 mbs1/x86_64/torque-client- e5357ae4db5fe19096f9ce6a8f101b43 mbs1/x86_64/torque-gui- 63f0d5a32e0b903ab48a27f43cc28158 mbs1/x86_64/torque-mom- 47b5857882d5ea5870ece99f22cf6508 mbs1/x86_64/torque-sched- cf173f08c5a4c6219e2d8b03cc7ab1ab mbs1/x86_64/torque-server- c2f38649a61e45132bc6b85b591fc21e mbs1/SRPMS/torque- _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver 0x22458A98 You can view other update advisories for Mandriva Linux at: If you want to report vulnerabilities, please contact security_(at) _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSi5oFmqjQ0CJFipgRAr89AKDh2NAOj2irnt0Ltjbuz5a8CZmWawCg4DKK t1mijwE+VozttqLHv0/b5IE= =Pi2e -----END PGP SIGNATURE----- To unsubscribe, send a email to with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to _______________________________________________________

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds