A security issue in torque has been announced on October 2: http://openwall.com/lists/oss-security/2014/10/02/45 Upstream commits are referenced in the message above. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO, MGA3TOO
thanks for the link; I'll update everybody asap then. cheers.
I have uploaded a patched package for both Mageia 3 & 4 fixing the security hole CVE-2014-3684. I have backported the upstream fix: https://github.com/adaptivecomputing/torque/commit/f2f4c950f3d461a249111c8826da3beaafccace9f2f4c950f3d461a249111c8826da3beaafccace9 for the torque versions distributed in mga3 (4.1.5.1) and mga4 (4.1.6). Suggested advisory: ======================== Updated torque packages fix security vulnerabilities: Chad Vizino reported that within a TORQUE Resource Manager job a non-root user could use a vulnerability in the tm_adopt() library call to kill processes he/she doesn't own including root-owned ones on any node in a job (CVE-2014-3684). This update implements the upstream fixes. References: http://openwall.com/lists/oss-security/2014/10/02/45 ======================== Updated packages in 3/core/updates_testing: torque-4.1.5.1-1.3.mga3.src.rpm ======================== lib64torque2-4.1.5.1-1.3.mga3 torque-gui-4.1.5.1-1.3.mga3 lib64torque-devel-4.1.5.1-1.3.mga3 torque-mom-4.1.5.1-1.3.mga3 torque-4.1.5.1-1.3.mga3 torque-sched-4.1.5.1-1.3.mga3 torque-client-4.1.5.1-1.3.mga3 torque-server-4.1.5.1-1.3.mga3 ======================== Updated packages in 4/core/updates_testing: SRPM: torque-4.1.6-4.1.mga4.src.rpm ======================== torque-4.1.6-4.1.mga4 lib64torque2-4.1.6-4.1.mga4 torque-client-4.1.6-4.1.mga4 lib64torque-devel-4.1.6-4.1.mga4 torque-server-4.1.6-4.1.mga4 torque-sched-4.1.6-4.1.mga4 torque-mom-4.1.6-4.1.mga54 torque-gui-4.1.6-4.1.mga4
CVE: (none) => CVE-2014-3684Assignee: dirteat => qa-bugs
Thanks Chris! Is Cauldron not affected?
Version: Cauldron => 4Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Procedure: https://bugs.mageia.org/show_bug.cgi?id=11421#c2
Whiteboard: MGA3TOO => MGA3TOO has_procedure
In VirtualBox, M3, KDE, 32-bit Package(s) under test: torque torque-server torque-sched torque-mom Test per procedure: https://bugs.mageia.org/show_bug.cgi?id=11421#c2 default install of torque torque-server torque-sched torque-mom [root@localhost wilcal]# urpmi torque Package torque-4.1.5.1-1.2.mga3.i586 is already installed [root@localhost wilcal]# urpmi torque-server Package torque-server-4.1.5.1-1.2.mga3.i586 is already installed [root@localhost wilcal]# urpmi torque-sched Package torque-sched-4.1.5.1-1.2.mga3.i586 is already installed [root@localhost wilcal]# urpmi torque-mom Package torque-mom-4.1.5.1-1.2.mga3.i586 is already installed [root@localhost ~]# service pbs_mom status pbs_mom.service - LSB: The Torque node manager MOM Loaded: loaded (/etc/rc.d/init.d/pbs_mom) Active: active (running) since Tue, 2014-10-07 08:38:27 PDT; 18s ago Process: 4601 ExecStart=/etc/rc.d/init.d/pbs_mom start..... CGroup: name=systemd:/system/pbs_mom.service â 4612 /usr/sbin/pbs_mom -p -d /var/spool/torque pbs_mom is running install torque torque-server torque-sched torque-mom from updates_testing [root@localhost wilcal]# urpmi torque Package torque-4.1.5.1-1.3.mga3.i586 is already installed [root@localhost wilcal]# urpmi torque-server Package torque-server-4.1.5.1-1.3.mga3.i586 is already installed [root@localhost wilcal]# urpmi torque-sched Package torque-sched-4.1.5.1-1.3.mga3.i586 is already installed [root@localhost wilcal]# urpmi torque-mom Package torque-mom-4.1.5.1-1.3.mga3.i586 is already installed [root@localhost wilcal]# service pbs_mom status pbs_mom.service - LSB: The Torque node manager MOM Loaded: loaded (/etc/rc.d/init.d/pbs_mom) Active: active (running) since Tue, 2014-10-07 08:42:29 PDT; 27s ago Process: 5811 ExecStop=/etc/rc.d/init.d/pbs_mom stop..... Process: 5860 ExecStart=/etc/rc.d/init.d/pbs_mom start..... CGroup: name=systemd:/system/pbs_mom.service â 5871 /usr/sbin/pbs_mom -p -d /var/spool/torque pbs_mom is running Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
CC: (none) => wilcal.intWhiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure MGA3-32-OK
In VirtualBox, M3, KDE, 64-bit Package(s) under test: torque torque-server torque-sched torque-mom lib64torque2 Test per procedure: https://bugs.mageia.org/show_bug.cgi?id=11421#c2 default install of torque torque-server torque-sched torque-mom lib64torque2 [root@localhost wilcal]# urpmi torque Package torque-4.1.5.1-1.2.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi torque-server Package torque-server-4.1.5.1-1.2.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi torque-sched Package torque-sched-4.1.5.1-1.2.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi torque-mom Package torque-mom-4.1.5.1-1.2.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi lib64torque2 Package lib64torque2-4.1.5.1-1.2.mga3.x86_64 is already installed writing /var/lib/rpm/installed-through-deps.list [root@localhost wilcal]# service pbs_mom status pbs_mom.service - LSB: The Torque node manager MOM Loaded: loaded (/etc/rc.d/init.d/pbs_mom) Active: active (running) since Tue, 2014-10-07 09:10:17 PDT; 1min 0s ago Process: 3563 ExecStart=/etc/rc.d/init.d/pbs_mom start..... CGroup: name=systemd:/system/pbs_mom.service â 3574 /usr/sbin/pbs_mom -p -d /var/spool/torque pbs_mom is running install torque torque-server torque-sched torque-mom lib64torque2 from updates_testing Stop and restart pbs services [root@localhost wilcal]# urpmi torque Package torque-4.1.5.1-1.3.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi torque-server Package torque-server-4.1.5.1-1.3.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi torque-sched Package torque-sched-4.1.5.1-1.3.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi torque-mom Package torque-mom-4.1.5.1-1.3.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi lib64torque2 Package lib64torque2-4.1.5.1-1.3.mga3.x86_64 is already installed [root@localhost wilcal]# service pbs_mom status pbs_mom.service - LSB: The Torque node manager MOM Loaded: loaded (/etc/rc.d/init.d/pbs_mom) Active: active (running) since Tue, 2014-10-07 09:21:11 PDT; 26s ago Process: 5090 ExecStop=/etc/rc.d/init.d/pbs_mom stop..... Process: 5237 ExecStart=/etc/rc.d/init.d/pbs_mom start..... CGroup: name=systemd:/system/pbs_mom.service â 5248 /usr/sbin/pbs_mom -p -d /var/spool/torque pbs_mom is running Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Whiteboard: MGA3TOO has_procedure MGA3-32-OK => MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK
In VirtualBox, M4, KDE, 32-bit Package(s) under test: torque torque-server torque-sched torque-mom libtorque2 Test per procedure: https://bugs.mageia.org/show_bug.cgi?id=11421#c2 default install of torque torque-server torque-sched torque-mom libtorque2 [root@localhost wilcal]# urpmi torque Package torque-4.1.6-4.mga4.i586 is already installed [root@localhost wilcal]# urpmi torque-server Package torque-server-4.1.6-4.mga4.i586 is already installed [root@localhost wilcal]# urpmi torque-sched Package torque-sched-4.1.6-4.mga4.i586 is already installed [root@localhost wilcal]# urpmi torque-mom Package torque-mom-4.1.6-4.mga4.i586 is already installed [root@localhost wilcal]# urpmi libtorque2 Package libtorque2-4.1.6-4.mga4.i586 is already installed [root@localhost wilcal]# service pbs_mom status pbs_mom.service - LSB: The Torque node manager MOM Loaded: loaded (/etc/rc.d/init.d/pbs_mom) Active: active (running) since Tue 2014-10-07 09:33:27 PDT; 25s ago Process: 5397 ExecStart=/etc/rc.d/init.d/pbs_mom start..... CGroup: /system.slice/pbs_mom.service ââ5408 /usr/sbin/pbs_mom -p -d /var/spool/torque pbs_mom is running install torque torque-server torque-sched torque-mom libtorque2 from updates_testing Stop and restart pbs services [root@localhost wilcal]# urpmi torque Package torque-4.1.6-4.1.mga4.i586 is already installed [root@localhost wilcal]# urpmi torque-server Package torque-server-4.1.6-4.1.mga4.i586 is already installed [root@localhost wilcal]# urpmi torque-sched Package torque-sched-4.1.6-4.1.mga4.i586 is already installed [root@localhost wilcal]# urpmi torque-mom Package torque-mom-4.1.6-4.1.mga4.i586 is already installed [root@localhost wilcal]# urpmi libtorque2 Package libtorque2-4.1.6-4.1.mga4.i586 is already installed [root@localhost wilcal]# service pbs_mom status pbs_mom.service - LSB: The Torque node manager MOM Loaded: loaded (/etc/rc.d/init.d/pbs_mom) Active: active (running) since Tue 2014-10-07 09:36:22 PDT; 1min 20s ago Process: 7571 ExecStop=/etc/rc.d/init.d/pbs_mom stop..... Process: 7720 ExecStart=/etc/rc.d/init.d/pbs_mom start..... CGroup: /system.slice/pbs_mom.service ââ7731 /usr/sbin/pbs_mom -p -d /var/spool/torque pbs_mom is running Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK => MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK MGA4-32-OK
In VirtualBox, M4, KDE, 64-bit Package(s) under test: torque torque-server torque-sched torque-mom lib64torque2 Test per procedure: https://bugs.mageia.org/show_bug.cgi?id=11421#c2 default install of torque torque-server torque-sched torque-mom lib64torque2 [root@localhost wilcal]# urpmi torque Package torque-4.1.6-4.mga4.i586 is already installed [root@localhost wilcal]# urpmi torque-server Package torque-server-4.1.6-4.mga4.i586 is already installed [root@localhost wilcal]# urpmi torque-sched Package torque-sched-4.1.6-4.mga4.i586 is already installed [root@localhost wilcal]# urpmi torque-mom Package torque-mom-4.1.6-4.mga4.i586 is already installed [root@localhost wilcal]# urpmi lib64torque2 Package libtorque2-4.1.6-4.mga4.i586 is already installed [root@localhost wilcal]# service pbs_mom status pbs_mom.service - LSB: The Torque node manager MOM Loaded: loaded (/etc/rc.d/init.d/pbs_mom) Active: active (running) since Tue 2014-10-07 09:33:27 PDT; 25s ago Process: 5397 ExecStart=/etc/rc.d/init.d/pbs_mom start..... CGroup: /system.slice/pbs_mom.service ââ5408 /usr/sbin/pbs_mom -p -d /var/spool/torque pbs_mom is running install torque torque-server torque-sched torque-mom libtorque2 from updates_testing Stop and restart pbs services [root@localhost wilcal]# urpmi torque Package torque-4.1.6-4.1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi torque-server Package torque-server-4.1.6-4.1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi torque-sched Package torque-sched-4.1.6-4.1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi torque-mom Package torque-mom-4.1.6-4.1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64torque2 Package lib64torque2-4.1.6-4.1.mga4.x86_64 is already installed [root@localhost wilcal]# service pbs_mom status pbs_mom.service - LSB: The Torque node manager MOM Loaded: loaded (/etc/rc.d/init.d/pbs_mom) Active: active (running) since Tue 2014-10-07 09:57:42 PDT; 1min 33s ago Process: 6467 ExecStop=/etc/rc.d/init.d/pbs_mom stop..... Process: 6703 ExecStart=/etc/rc.d/init.d/pbs_mom start..... CGroup: /system.slice/pbs_mom.service ââ6714 /usr/sbin/pbs_mom -p -d /var/spool/torque pbs_mom is running Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK MGA4-32-OK => MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK
For me this update works fine. Many thanks to Claire for a great procedure Testing complete for mga3 32-bit & 64-bit Testing complete for mga4 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK => MGA3TOO has_procedure advisory MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK
Chris, just in case you didn't see this on the -dev list, a problem in the Cauldron package: https://ml.mageia.org/l/arc/dev/2014-10/msg00321.html I checked the Mageia 4 build and it's not affected by this issue.
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0408.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/615625/
thanks guys, sorry, I missed all your posts as I am always forgetting to add me in CC when I change to bug assignment to QA :) I see everything is good, fortunately. cheers.
CC: (none) => dirteat