-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:252 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : torque Date : October 18, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated torque package fixes security vulnerability: A non-priviledged user who was able to run jobs or login to a node which ran pbs_server or pbs_mom, could submit arbitrary jobs to a pbs_mom daemon to queue and run the job, which would run as root (CVE-2013-4319). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4319 http://advisories.mageia.org/MGASA-2013-0308.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: ecf9ba51010237b4eb662fe0b4009736 mbs1/x86_64/lib64torque2-4.1.5.1-1.mbs1.x86_64.rpm a2fa7539e71ba552c1706af321e2c9be mbs1/x86_64/lib64torque-devel-4.1.5.1-1.mbs1.x86_64.rpm 5a6f150ecade9817b4fb033b5cf7ffc0 mbs1/x86_64/torque-4.1.5.1-1.mbs1.x86_64.rpm 013d06e3894b13f7ec70042fe0f5c4d2 mbs1/x86_64/torque-client-4.1.5.1-1.mbs1.x86_64.rpm 16cdc8bd8b1ba3cd5670f4c60d5af873 mbs1/x86_64/torque-gui-4.1.5.1-1.mbs1.x86_64.rpm 17b84ee3cb4dcd4f1303dd17b16a6640 mbs1/x86_64/torque-mom-4.1.5.1-1.mbs1.x86_64.rpm d62544241ebe740ebe21cc67cd3f72b0 mbs1/x86_64/torque-sched-4.1.5.1-1.mbs1.x86_64.rpm 4e0d841242f7f27b597d38213ae1b70a mbs1/x86_64/torque-server-4.1.5.1-1.mbs1.x86_64.rpm a9f9b6c2a113892387314513b1baeb79 mbs1/SRPMS/torque-4.1.5.1-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSYO96mqjQ0CJFipgRAkr3AKC6FwgxVJBdlVzk9CyRUR4KMkNn6gCg3ol3 ZYtHufvTpO+Pz4RRmMvO3X0= =8qSe -----END PGP SIGNATURE-----