Bug 372959 (CVE-2011-2193) - <sys-cluster/torque-{2.4.14,2.5.6}: Unspecified vulnerability (CVE-2011-2193)
Status: RESOLVED FIXED
Alias: CVE-2011-2193
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: B1 [glsa]
Reported: 2011-06-25 12:18 UTC by GLSAMaker/CVETool Bot
Modified: 2014-12-26 20:04 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-25 12:18:13 UTC
CVE-2011-2193 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2193):
  Multiple buffer overflows in Terascale Open-Source Resource and Queue
  Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6,
  and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges
  via a long Job_Name field in a qsub command to the server, and might allow
  (2) local users to gain privileges via vectors involving a long host
  variable in pbs_iff.
Comment 1 Justin Bronder (RETIRED) gentoo-dev 2011-06-26 02:00:13 UTC
2.4.14 and 2.5.6 are both in the tree, both can be considered for stable as CR probably isn't going to fix 2.3.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 20:33:03 UTC
(In reply to comment #1)
> 2.4.14 and 2.5.6 are both in the tree, both can be considered for stable as CR
> probably isn't going to fix 2.3.

Thanks, Justin. Can we move forward? And which version should we target?
Comment 3 Justin Bronder (RETIRED) gentoo-dev 2011-06-26 22:11:14 UTC
(In reply to comment #2)
> (In reply to comment #1)
> > 2.4.14 and 2.5.6 are both in the tree, both can be considered for stable as CR
> > probably isn't going to fix 2.3.
> 
> Thanks, Justin. Can we move forward? And which version should we target?

I'd suggest 2.4.14.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 22:25:13 UTC
Ok, tnx.

Arches, please test and mark stable:
=sys-cluster/torque-2.4.14
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 5 Ian Delaney (RETIRED) gentoo-dev 2011-06-27 02:37:46 UTC
amd64:

texlive-basic-2008-r1 has done it again, still, does not emerge.  Subsequently can't emerge with use-doc

emerges with

USE="crypt syslog cpusets -doc drmaa server tk" emerge -1 torque
Comment 6 Agostino Sarubbo gentoo-dev 2011-06-27 17:19:30 UTC
amd64 ok
Comment 7 Andreas Schürch gentoo-dev 2011-06-28 11:29:46 UTC
(In reply to comment #5)

> texlive-basic-2008-r1 has done it again, still, does not emerge.  Subsequently
> can't emerge with use-doc

Ian, I've also hit this bug #369883...
The solution is to rebuild dev-texlive/texlive-latex-2008-r2.

Everything looks fine here on x86 with =sys-cluster/torque-2.4.14, apart from a revdep, but that is not a regression as of bug #328549.
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2011-06-29 01:41:06 UTC
Stable for HPPA.
Comment 9 Christoph Mende (RETIRED) gentoo-dev 2011-06-29 15:05:39 UTC
amd64 stable
Comment 10 Markus Meier gentoo-dev 2011-06-29 19:43:22 UTC
x86 stable, thanks Andreas
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2011-07-02 18:36:37 UTC
alpha/ia64/sparc stable
Comment 12 Mark Loeser (RETIRED) gentoo-dev 2011-07-06 21:34:06 UTC
ppc64 done
Comment 13 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-07-09 08:46:41 UTC
ppc stable, last arch done
Comment 14 Tim Sammut (RETIRED) gentoo-dev 2011-07-09 16:19:07 UTC
Thanks, folks. GLSA request filed.
Comment 15 Justin Lecher (RETIRED) gentoo-dev 2014-09-18 11:57:16 UTC
All vulnerable versions gone, GLSA issued?
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2014-12-26 20:04:25 UTC
This issue was resolved and addressed in
 GLSA 201412-47 at http://security.gentoo.org/glsa/glsa-201412-47.xml
by GLSA coordinator Yury German (BlueKnight).