GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sat Dec 27, 2014 12:26 am Post subject: [ GLSA 201412-47 ] TORQUE Resource Manager |
|
|
Gentoo Linux Security Advisory
Title: TORQUE Resource Manager: Multiple vulnerabilities (GLSA 201412-47)
Severity: high
Exploitable: local, remote
Date: December 26, 2014
Bug(s): #372959, #378805, #390167, #484320, #491270, #510726
ID: 201412-47
Synopsis
Multiple vulnerabilities have been found in TORQUE Resource
Manager, possibly resulting in escalation of privileges or remote code
execution.
Background
TORQUE is a resource manager and queuing system based on OpenPBS.
Affected Packages
Package: sys-cluster/torque
Vulnerable: < 4.1.7
Unaffected: >= 4.1.7
Unaffected: >= 2.5.13 < 2.5.14
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in TORQUE Resource
Manager. Please review the CVE identifiers referenced below for details.
Impact
A context-dependent attacker may be able to gain escalated privileges,
execute arbitrary code, or bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All TORQUE Resource Manager 4.x users should upgrade to the latest
version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-cluster/torque-4.1.7"
| All TORQUE Resource Manager 2.x users should upgrade to the latest
version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-cluster/torque-2.5.13"
| NOTE: One or more of the issues described in this advisory have been
fixed in previous updates. They are included in this advisory for the
sake of completeness. It is likely that your system is already no longer
affected by them.
References
CVE-2011-2193
CVE-2011-2907
CVE-2011-4925
CVE-2013-4319
CVE-2013-4495
CVE-2014-0749
Last edited by GLSA on Thu Jun 18, 2015 4:16 am; edited 1 time in total |
|