Incorrect permission in /var/spool/pbs directory causes pbs_server, pbs_sched and pbs_mom all to fail loading. For torque-client the following commands fix the issue:

    chmod -R 1755 /var/spool/pbs/*
    chmod -R 1777 /var/spool/pbs/spool
    chmod -R 1777 /var/spool/pbs/undelivered

Similar for torque
Keywords: (none) => Junior_job
Source RPM: (none) => torque
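An audit of the modes that the chmod commands in the report above set, as an added example (not part of the original report or of the torque packages). It checks the top-level entries under a PBS home directory and lists world-writable directories that lack the sticky bit; the function name audit_pbs_perms and the output labels are assumptions, and stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: compare the top-level entries of a TORQUE spool tree with
# the modes used in the report (1777 for spool and undelivered, 1755 for
# the rest) and flag world-writable directories without the sticky bit.

# audit_pbs_perms [ROOT]
# Prints one line per finding. Returns 0 if clean, 1 on findings,
# 2 if ROOT does not exist.
audit_pbs_perms() {
    root=${1:-/var/spool/pbs}      # default path taken from the report
    rc=0
    [ -d "$root" ] || { echo "MISSING $root"; return 2; }

    for entry in "$root"/*; do
        [ -e "$entry" ] || continue
        case "${entry##*/}" in
            spool|undelivered) want=1777 ;;
            *)                 want=1755 ;;
        esac
        have=$(stat -c '%a' "$entry") || { rc=1; continue; }
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $entry have=$have want=$want"
            rc=1
        fi
    done

    # A world-writable directory without the sticky bit lets any local
    # user rename or delete other users' files in it.
    loose=$(find "$root" -type d -perm -0002 ! -perm -1000 2>/dev/null)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/NOSTICKY /'
        rc=1
    fi
    return $rc
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_pbs_perms "$1"
fi
```

The check only reads modes and changes nothing, so it can be run before and after a package update to compare results.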
This is also missing a fix for CVE-2011-2193. Fedora has issued an advisory on June 10, 2011: http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html Debian has issued an advisory on October 27: http://www.debian.org/security/2011/dsa-2329
Version: 2 => Cauldron
URL: (none) => http://lwn.net/Vulnerabilities/448650/
Hardware: x86_64 => All
Component: RPM Packages => Security
CC: (none) => luigiwalser
Assignee: bugsquad => fundawang
Summary: torque and torque-client have incorrect permissions => torque and torque-client have incorrect permissions (also CVE-2011-2193)
Whiteboard: (none) => MGA2TOO
Hi there,

for many other reasons, torque has been updated to 2.5.12 on Cauldron; which is not concerned by CVE-2011-2193 according to: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2193

Also, pbs_server, pbs_mom and pbs_sched work with default installation permissions now (at least on my machines). Let me know if you still have those problems.

Cheers,
Chris.

PS: for mga2, I don't know if we can update it to 2.5.12 too?
CC: (none) => dirteat
(In reply to comment #2)
> PS: for mga2, I don't know if we can update it to 2.5.12 too?

Since it has been unmaintained, if that's the easiest way to address these issues, we can do that. We have done the same for some other packages.
Ok, I am doing it then and will write an advisory when it lands on update/testing. I am reassigning the bug to myself.

Cheers,
Chris.
Assignee: fundawang => dirteat
Dear QA Team,

torque-2.5.12-1.mga2 has just landed in core/updates_testing for Mageia 2. You can test it by running the three init.d scripts provided by its packages, paying attention to the following points:

1) The sub-package torque-mom should only require libtorque2 and torque at install (it should not trigger the installation of torque-sched or torque-server). Once installed, running a "service pbs_mom start" should be fine although error messages in the logs (/var/log/messages) are expected if you don't edit the configuration file (/etc/torque/nodes).

2) The other subpackages torque-sched and torque-server install the two services "pbs_server" and "pbs_sched". These services should not fail when issuing the commands "service pbs_server start" and "service pbs_sched start".

3) torque-gui installs some graphic tools; it should trigger the installation of torque-client. To test it just run "xpbs" and "xpbsmom" and check that an (ugly) window appears displaying various cool information.

Suggested advisory:
========================
Updated torque packages fix bug 6082 and a security issue (CVE-1234-5678)

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2193
========================

Updated packages in core/updates_testing:
========================
lib(64)torque2-2.5.12-1.mga2
lib(64)torque-devel-2.5.12-1.mga2
torque-2.5.12-1.mga2
torque-client-2.5.12-1.mga2
torque-gui-2.5.12-1
torque-mom-2.5.12-1.mga2
torque-sched-2.5.12-1
torque-server-2.5.12-1

Source RPM:
torque-2.5.12-1.mga2.src.rpm
Assignee: dirteat => qa-bugs
Version: Cauldron => 2
Whiteboard: MGA2TOO => (none)
Thanks Chris! I suggest copying the CVE description from the Debian advisory.

Suggested Advisory:
========================
Updated torque packages fix security vulnerability:

Bartlomiej Balcerek discovered several buffer overflows in TORQUE server, a PBS-derived batch processing server. This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names (CVE-2011-2193).

Additionally, permissions problems that caused pbs_server, pbs_sched, and pbs_mom to fail to load have been corrected.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2193
http://www.debian.org/security/2011/dsa-2329
Created attachment 2709
Screenshot of xpbs on Mageia 2 i586
Created attachment 2710
Screenshot of xpbs on Mageia 2 x86-64

As shown by the attachments, there is something wrong on i586. The left four characters are cut off, and the menu is missing, when compared to what is shown on x86-64.

Other than the display problems on i586, all suggested tests are working on both i586 and x86-64.

As this is a security update, do you want to look into the i586 display problems, or should I go ahead and validate the update?
Ignore comment 7 and comment 8. I've realized it was a difference in the resolution used within the vb guests.

Validating the update.

Could someone from the sysadmin team push the srpm
torque-2.5.12-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and link the following rpm packages from Core Release to Core Updates
openssh-server-5.9p1-5.mga2 (Core 32bit Release (distrib31))
openssh-server-5.9p1-5.mga2 (Core Release (distrib1))

Advisory:
Updated torque packages fix security vulnerability:

Bartlomiej Balcerek discovered several buffer overflows in TORQUE server, a PBS-derived batch processing server. This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names (CVE-2011-2193).

Additionally, permissions problems that caused pbs_server, pbs_sched, and pbs_mom to fail to load have been corrected.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2193
http://www.debian.org/security/2011/dsa-2329
https://bugs.mageia.org/show_bug.cgi?id=6082
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Depends on: (none) => 2317
Whiteboard: (none) => MGA2-32-OK MGA2-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0254
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED