Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
89
security advisorycriticalFedoraFedora 33: Pacemaker 2.0.5-rc3 Critical Update Notification
** Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3 ** - a little more syncing with upstream spec-file ** Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3 ** - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or . --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-3d0e38b9e7 2020-11-27 01:20:50.553150 --------------------------------------------------------------------------------Name : pacemaker Product : Fedora 33 Version : 2.0.5 Release : 0.7.rc3.fc33 URL : https://clusterlabs.org/ Summary : Scalable High-Availability cluster resource manager Description : Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: --with(out) : cibsecrets coverage doc hardening pre_release profiling --------------------------------------------------------------------------------Update Information: ** Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3 ** - a little more syncing with upstream spec-file ** Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3 ** - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc3 -Corosync in Fedora now provides corosync-devel as well in isa-flavor ** Sun Nov 1 2020 Klaus Wenninger - 2.0.5-0.5.rc2 ** - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for full details, see included ChangeLog fileor https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc2 -Remove dependencies to nagios-plugins from metadata-package - some sync with structure of upstream spec-file - removed some legacy conditionals - added with-cibsecrets - enable some basic gating-tests - remove building documentation using publican from ELN - rename doc-dir for ELN ---- - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc2 -Remove dependencies to nagios-plugins from metadata-package - some sync with structure of upstream spec-file - removed some legacy conditionals - added with-cibsecrets - enable some basic gating-tests - remove building documentation using publican from ELN - rename doc-dir for ELN --------------------------------------------------------------------------------ChangeLog: * Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3 - a little more syncing with upstream spec-file * Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3 - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc3 - Corosync in Fedora now provides corosync-devel as well in isa-flavor * Sun Nov 1 2020 Klaus Wenninger - 2.0.5-0.5.rc2 - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc2 - Remove dependencies to nagios-plugins from metadata-package - some sync with structure of upstream spec-file - removed some legacy conditionals - added with-cibsecrets - enable some basic gating-tests - remove building documentation using publican from ELN - rename doc-dir forELN --------------------------------------------------------------------------------References: [ 1 ] Bug #1889581 - pacemaker-2.0.5-rc2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1889581 [ 2 ] Bug #1891718 - CVE-2020-25654 pacemaker: ACL restrictions bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1891718 [ 3 ] Bug #1898409 - pacemaker-2.0.5-rc3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1898409 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-3d0e38b9e7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 26, 2020
•Critical
Fedora
89
security advisoryFedoraupdate informationFedora 32: 2020-2cbe0089e2 Critical: Pacemaker Update for High Availability
* Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3 - a little more syncing with upstream spec-file * Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3 - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or . --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-2cbe0089e2 2020-11-27 01:11:05.570356 --------------------------------------------------------------------------------Name : pacemaker Product : Fedora 32 Version : 2.0.5 Release : 0.7.rc3.fc32 URL : https://clusterlabs.org/ Summary : Scalable High-Availability cluster resource manager Description : Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: --with(out) : cibsecrets coverage doc hardening pre_release profiling --------------------------------------------------------------------------------Update Information: * Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3 - a little more syncing with upstream spec-file * Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3 - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc3 -Corosync in Fedora now provides corosync-devel as well in isa-flavor * Sun Nov 1 2020 Klaus Wenninger - 2.0.5-0.5.rc2 - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc2-Remove dependencies to nagios-plugins from metadata-package - some sync with structure of upstream spec-file - removed some legacy conditionals - added with-cibsecrets - enable some basic gating-tests - remove building documentation using publican from ELN - rename doc-dir for ELN ---- - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc2 -Remove dependencies to nagios-plugins from metadata-package - some sync with structure of upstream spec-file - removed some legacy conditionals - added with-cibsecrets - enable some basic gating-tests - remove building documentation using publican from ELN - rename doc-dir for ELN --------------------------------------------------------------------------------ChangeLog: * Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3 - a little more syncing with upstream spec-file * Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3 - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc3 - Corosync in Fedora now provides corosync-devel as well in isa-flavor * Sun Nov 1 2020 Klaus Wenninger - 2.0.5-0.5.rc2 - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc2 - Remove dependencies to nagios-plugins from metadata-package - some sync with structure of upstream spec-file - removed some legacy conditionals - added with-cibsecrets - enable some basic gating-tests - remove building documentation using publican from ELN - rename doc-dir for ELN --------------------------------------------------------------------------------References: [ 1 ] Bug#1889581 - pacemaker-2.0.5-rc2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1889581 [ 2 ] Bug #1891718 - CVE-2020-25654 pacemaker: ACL restrictions bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1891718 [ 3 ] Bug #1898409 - pacemaker-2.0.5-rc3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1898409 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-2cbe0089e2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 26, 2020
•Critical
Fedora
89
security advisorycritical issueFedoraFedora 28: Critical Pacemaker Security Advisory on Multiple Issues
Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-e71f6f36ac 2019-05-04 01:16:59.061696 --------------------------------------------------------------------------------Name : pacemaker Product : Fedora 28 Version : 1.1.18 Release : 3.fc28 URL : https://clusterlabs.org/ Summary : Scalable High-Availability cluster resource manager Description : Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: --with(out) : coverage doc hardening pre_release profiling --------------------------------------------------------------------------------Update Information: Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878 --------------------------------------------------------------------------------ChangeLog: * Thu Apr 25 2019 Fedora Release Engineering - 1.1.18-3 - Apply fixes for security issues: . CVE-2019-3885 (use-after-free with potential information disclosure) . CVE-2018-16877 (insufficient local IPC client-server authentication) . CVE-2018-16878 (insufficient verification inflicted preference of uncontrolled processes) --------------------------------------------------------------------------------References: [ 1 ] Bug #1652646 - CVE-2018-16877 pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc https://bugzilla.redhat.com/show_bug.cgi?id=1652646 [ 2 ] Bug #1657962 - CVE-2018-16878 pacemaker: Insufficient verification inflicted preference ofuncontrolled processes can lead to DoS https://bugzilla.redhat.com/show_bug.cgi?id=1657962 [ 3 ] Bug #1694554 - CVE-2019-3885 pacemaker: Information disclosure through use-after-free https://bugzilla.redhat.com/show_bug.cgi?id=1694554 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-e71f6f36ac' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 03, 2019
•Critical
Fedora
200
security advisorymoderatebug fixScientific Linux 7: SLSA-2015:2383-1 Moderate: Pacemaker Bug Fixes
Moderate: pacemaker security, bug fix, and enhancement update. Date: Mon, 21 Dec 2015 23:10:07 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Moderate: pacemaker on SL7.x x86_64 MIME-Version: 1.0 Message-ID: Synopsis: Moderate: pacemaker security, bug fix, and enhancement update Advisory ID: SLSA-2015:2383-1 Issue Date: 2015-11-19 CVE Numbers: CVE-2015-1867 -- A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well. (CVE-2015-1867) The pacemaker packages have been upgraded to upstream version 1.1.13, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following bugs: * When a Pacemaker cluster included an Apache resource, and Apache's mod_systemd module was enabled, systemd rejected notifications sent by Apache. As a consequence, a large number of errors in the following format appeared in the system log: Got notification message from PID XXXX, but reception only permitted for PID YYYY With this update, the lrmd daemon now unsets the "NOTIFY_SOCKET" variable in the described circumstances, and these error messages are no longer logged. * Previously, specifying a remote guest node as a part of a group resource in a Pacemaker cluster caused the node to stop working. This update adds support for remote guests in Pacemaker group resources, and the described problem no longer occurs. * When a resource in a Pacemaker cluster failed to start, Pacemaker updated the resource's last failure time and incremented its fail count even if the "on-fail=ignore" option was used. This in some cases caused unintended resource migrations when a resource start failure occurred. Now, Pacemaker does not update the fail count when "on-fail=ignore" is used. As a result, the failure isdisplayed in the cluster status output, but is properly ignored and thus does not cause resource migration. * Previously, Pacemaker supported semicolon characters (";") as delimiterswhen parsing the pcmk_host_map string, but not when parsing the pcmk_host_list string. To ensure consistent user experience, semicolons are now supported as delimiters for parsing pcmk_host_list, as well. In addition, this update adds the following enhancements: * If a Pacemaker location constraint has the "resource-discovery=never" option, Pacemaker now does not attempt to determine whether a specified service is running on the specified node. In addition, if multiple location constraints for a given resource specify "resource- discovery=exclusive", then Pacemaker attempts resource discovery only on the nodes specified in those constraints. This allows Pacemaker to skip resource discovery on nodes where attempting the operation would lead to error or other undesirable behavior. * The procedure of configuring fencing for redundant power supplies has been simplified in order to prevent multiple nodes accessing cluster resources at the same time and thus causing data corruption. For further information, see the "Fencing: Configuring STONITH" chapter of the High Availability Add-On Reference manual. * The output of the "crm_mon" and "pcs_status" commands has been modified to be clearer and more concise, and thus easier to read when reporting the status of a Pacemaker cluster with a large number of remote nodes and cloned resources. -- SL7 x86_64 pacemaker-1.1.13-10.el7.x86_64.rpm pacemaker-cli-1.1.13-10.el7.x86_64.rpm pacemaker-cluster-libs-1.1.13-10.el7.i686.rpm pacemaker-cluster-libs-1.1.13-10.el7.x86_64.rpm pacemaker-cts-1.1.13-10.el7.x86_64.rpm pacemaker-debuginfo-1.1.13-10.el7.i686.rpm pacemaker-debuginfo-1.1.13-10.el7.x86_64.rpm pacemaker-doc-1.1.13-10.el7.x86_64.rpm pacemaker-libs-1.1.13-10.el7.i686.rpm pacemaker-libs-1.1.13-10.el7.x86_64.rpm pacemaker-libs-devel-1.1.13-10.el7.i686.rpm pacemaker-libs-devel-1.1.13-10.el7.x86_64.rpm pacemaker-nagios-plugins-metadata-1.1.13-10.el7.x86_64.rpm pacemaker-remote-1.1.13-10.el7.x86_64.rpm - Scientific Linux Development Team . Significant server software upgrade for Ubuntu resolves various vulnerabilities along with improvements and issue corrections.. pacemaker update, security enhancement, Scientific Linux advisory, bug fix. . LinuxSecurity.com Team
Dec 21, 2015
Scientific Linux
89
security advisorycriticalFedoraFedora 23 Pacemaker: CVE-2015-1867 Critical Security Advisory
Security fix for CVE-2015-1867: issue allegedly present in pacemaker-1.1.12, fixed in pacemaker-1.1.13. * * * pacemaker-1.1.13-3.fc{21,22,23} - Update to Pacemaker-1.1.13 post-release + patches (sync) - Add nagios-plugins-metadata subpackage enabling support of selected Nagios plugins as resources recognized by Pacemaker - Several specfile improvements: drop irrelevant stuff, rehash the. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-f9864ecd8f 2015-10-31 16:04:40.593927 -------------------------------------------------------------------------------- Name : pacemaker Product : Fedora 23 Version : 1.1.13 Release : 3.fc23 URL : https://clusterlabs.org/ Summary : Scalable High-Availability cluster resource manager Description : Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: --with(out) : doc coverage profiling pre_release upstart_job -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-1867: issue allegedly present in pacemaker-1.1.12, fixed in pacemaker-1.1.13. * * * pacemaker-1.1.13-3.fc{21,22,23} - Update to Pacemaker-1.1.13 post-release + patches (sync) - Add nagios-plugins-metadata subpackage enabling support of selected Nagios plugins as resources recognized by Pacemaker - Several specfile improvements: drop irrelevant stuff, rehash the included/excluded files + dependencies, add check scriptlet, reflect current packaging practice, do minor cleanups (mostly adopted from anotherspec) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1211370 - CVE-2015-1867 pacemaker: acl read-only access allow role assignment https://bugzilla.redhat.com/show_bug.cgi?id=1211370 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update pacemaker' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Oct 31, 2015
•Critical
Fedora
89
security advisoryupdateFedoraFedora 20: 2015-8577 Moderate: Bugfix for Torque Service Issues
Bugfix - #1215207 create/install service files for these. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-8577 2015-05-20 14:44:09 -------------------------------------------------------------------------------- Name : torque Product : Fedora 20 Version : 4.2.10 Release : 3.fc20 URL : Summary : Tera-scale Open-source Resource and QUEue manager Description : TORQUE (Tera-scale Open-source Resource and QUEue manager) is a resource manager providing control over batch jobs and distributed compute nodes. TORQUE is based on OpenPBS version 2.3.12 and incorporates scalability, fault tolerance, and feature extension patches provided by USC, NCSA, OSC, the U.S. Dept of Energy, Sandia, PNNL, U of Buffalo, TeraGrid, and many other leading edge HPC organizations. This package holds just a few shared files and directories. -------------------------------------------------------------------------------- Update Information: Bugfix - #1215207 create/install service files for these -------------------------------------------------------------------------------- ChangeLog: * Tue May 19 2015 David Brown - 4.2.10-3 - Bugfix - #1215207 create/install service files for these - Bugfix - #1117263 qmgr aborts in some instances - Bugfix - #1144396 Hey! Version Bump! - Bugfix - #1215992 more service scripts - Bugfix - #1216037 fixed permissions on directories - Bugfix - #1149045 hopefully these are all fixed now - Bugfix - #965513 calling this one fixed... * Fri Apr 24 2015 David Brown - 4.2.10-2 - Bugfix - #1154413 make manipulating services better. * Mon Apr 6 2015 David Brown - 4.2.10-1 - Updated upstream version * Thu Apr 2 2015 David Brown - 4.2.8-3 - Version bump to merge from previous version * Thu Mar 26 2015 Richard Hughes - 4.2.8-2 - Add an AppData file for the software center * Tue Oct 14 2014 David Brown - 4.2.8-2 - merged fedora latest into epel - This breaks old configs and should be treatedcarefully * Wed Oct 1 2014 Haïkel Guémar - 3.0.4-6 - Fix CVE-2013-4319 (RHBZ #1005918, #1005919) * Fri Sep 5 2014 Haïkel Guémar - 3.0.4-5 - Fix CVE-2013-4495 (RHBZ #1029752) * Mon Sep 1 2014 Haïkel Guémar - 4.2.8-1 - upstream 4.2.8 * Mon Aug 18 2014 Fedora Release Engineering - 4.2.6.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Thu Jul 17 2014 Ralf Corsépius - 4.2.6.1-5 - Reflect upstream URL and Source0 having changed. * Thu Jul 17 2014 Ralf Corsépius - 4.2.6.1-4 - Append -DUSE_INTERP_RESULT -DUSE_INTERP_ERRORLINE to CFLAGS to work-around Tcl/Tk-8.6 incompatibilities (FTFFS RHBZ#1107455). - Pass --without-debug to %configure to let configure pass through %optflags (RHBZ#1074571). - Fix twice listed files in *-devel. * Sun Jun 8 2014 Fedora Release Engineering - 4.2.6.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 21 2014 Jaroslav Škarvada - 4.2.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Changes/f21tcl86 * Sun Jan 12 2014 Haïkel Guémar - 4.2.6.1-1 - upstream 4.2.6.1 * Wed Nov 13 2013 Haïkel Guémar - 4.2.6-1 - upstream 4.2.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215207 - pbs_server does not start trqauthd https://bugzilla.redhat.com/show_bug.cgi?id=1215207 [ 2 ] Bug #1117263 - torque qmgr aborts on server commands while jobs are running https://bugzilla.redhat.com/show_bug.cgi?id=1117263 [ 3 ] Bug #1144396 - torque-4.2.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1144396 [ 4 ] Bug #1215992 - torque-client (4.x) should package trqauthd service https://bugzilla.redhat.com/show_bug.cgi?id=1215992 [ 5 ] Bug #1216037 - permissions on some /var/lib/torque/ sub-directories https://bugzilla.redhat.com/show_bug.cgi?id=1216037 [ 6 ] Bug #1149045 - CVE-2014-3684 torque: non-root users able to kill any process on any node in a job [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1149045 [ 7 ] Bug #965513 - torque package should be built with PIE flags https://bugzilla.redhat.com/show_bug.cgi?id=965513 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update torque' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
May 30, 2015
Fedora
89
security advisoryFedoraupdate informationFedora 22 Torque 4.2.10 Security Advisory: Service Files Bugfix
Bugfix - #1215207 create/install service files for these. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-8544 2015-05-20 00:47:03 -------------------------------------------------------------------------------- Name : torque Product : Fedora 22 Version : 4.2.10 Release : 3.fc22 URL : Summary : Tera-scale Open-source Resource and QUEue manager Description : TORQUE (Tera-scale Open-source Resource and QUEue manager) is a resource manager providing control over batch jobs and distributed compute nodes. TORQUE is based on OpenPBS version 2.3.12 and incorporates scalability, fault tolerance, and feature extension patches provided by USC, NCSA, OSC, the U.S. Dept of Energy, Sandia, PNNL, U of Buffalo, TeraGrid, and many other leading edge HPC organizations. This package holds just a few shared files and directories. -------------------------------------------------------------------------------- Update Information: Bugfix - #1215207 create/install service files for these -------------------------------------------------------------------------------- ChangeLog: * Tue May 19 2015 David Brown - 4.2.10-3 - Bugfix - #1215207 create/install service files for these - Bugfix - #1117263 qmgr aborts in some instances - Bugfix - #1144396 Hey! Version Bump! - Bugfix - #1215992 more service scripts - Bugfix - #1216037 fixed permissions on directories - Bugfix - #1149045 hopefully these are all fixed now - Bugfix - #965513 calling this one fixed... * Fri Apr 24 2015 David Brown - 4.2.10-2 - Bugfix - #1154413 make manipulating services better. * Mon Apr 6 2015 David Brown - 4.2.10-1 - Updated upstream version * Thu Apr 2 2015 David Brown - 4.2.8-3 - Version bump to merge from previous version * Thu Mar 26 2015 Richard Hughes - 4.2.8-2 - Add an AppData file for the software center * Tue Oct 14 2014 David Brown - 4.2.8-2 - merged fedora latest into epel - This breaks old configs and should be treatedcarefully * Wed Oct 1 2014 Haïkel Guémar - 3.0.4-6 - Fix CVE-2013-4319 (RHBZ #1005918, #1005919) * Fri Sep 5 2014 Haïkel Guémar - 3.0.4-5 - Fix CVE-2013-4495 (RHBZ #1029752) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1117263 - torque qmgr aborts on server commands while jobs are running https://bugzilla.redhat.com/show_bug.cgi?id=1117263 [ 2 ] Bug #1215992 - torque-client (4.x) should package trqauthd service https://bugzilla.redhat.com/show_bug.cgi?id=1215992 [ 3 ] Bug #1215207 - pbs_server does not start trqauthd https://bugzilla.redhat.com/show_bug.cgi?id=1215207 [ 4 ] Bug #1144396 - torque-4.2.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1144396 [ 5 ] Bug #1216037 - permissions on some /var/lib/torque/ sub-directories https://bugzilla.redhat.com/show_bug.cgi?id=1216037 [ 6 ] Bug #1149045 - CVE-2014-3684 torque: non-root users able to kill any process on any node in a job [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1149045 [ 7 ] Bug #965513 - torque package should be built with PIE flags https://bugzilla.redhat.com/show_bug.cgi?id=965513 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update torque' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
May 30, 2015
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!