Summary: | sys-cluster/openpbs possible multiple issues (CVE-2006-5616)
---|---
Product: | Gentoo Security
Reporter: | Matt Drew (RETIRED) <aetius>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | enhancement
CC: | hp-cluster, tantive
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://secunia.com/advisories/22637/
Whiteboard: | B1? [maskglsa] jaervosz
Package list: |
Runtime testing required: | ---
Description
Matt Drew (RETIRED)
2006-10-30 16:51:35 UTC
Attaching patch from duplicate bug #154315, altering title to be more descriptive, adding CVE reference.

Created attachment 101596
OpenPBS_2_3_16-security.diff

Untested patch from Thomas Biege via bug #154315.

*** Bug 154315 has been marked as a duplicate of this bug. ***

Pulling in herd for advice. Does openpbs run with root privileges?

(In reply to comment #4)
> Pulling in herd for advice. Does openpbs run with root privileges?

Yeah. And the patch applies clean, although I was unable to find a fixed SRPM on SuSE's servers -- e.g. http://ftp.opensuse.org/pub/opensuse/distribution/SL-10.1/inst-source/suse/src/ does not appear to have any recent OpenPBS patch.

Is something possible here? Otherwise, if no upgrade is possible, we should begin to think about p.masking it :(

I wouldn't mind just telling people to switch over to Torque. It's based off OpenPBS and is actually maintained.

Mind someone if I p.mask it advising sys-cluster/torque as a replacement?

Fine by me.

p.masked, glsa request filed

Donnie, an old sys-cluster/mpiexec-0.75 still depends on the vulnerable openpbs.

Hi, x86 team, please could you test and mark stable sys-cluster/mpiexec-0.82 if appropriate. If it fails, you can try mpiexec-0.76-r2, thanks.

Of course, x86 can...x86 can do a lot...x86 is making you happy, everyday.

(In reply to comment #10)
> p.masked, glsa request filed

You need to p.mask <=sys-cluster/mpiexec-0.76-r1 as well.

I commented out the mask due to the dep breakage:

sys-cluster/mpiexec-0.75: nonsolvable depset(depends) keyword(x86) profile (default-linux/x86/2006.1/desktop): solutions: [ sys-cluster/openpbs ]

Remask it without dep breakage please.

Now with <=sys-cluster/mpiexec-0.75 that should be OK, ping me if there is still something wrong, but now repoman is happy. Sorry for the mess.

GLSA 200704-04, thanks everybody

(In reply to comment #16)
> GLSA 200704-04, thanks everybody

This ready to close? sys-cluster/openpbs seems nuked.