Bug 711463 (CVE-2011-2193)
Field | Value
---|---
Summary | CVE-2011-2193 Torque Server Buffer Overflow Vulnerability
Product | [Fedora] Fedora
Component | torque
Version | rawhide
Hardware | All
OS | Linux
Status | CLOSED ERRATA
Severity | medium
Priority | unspecified
Keywords | Security
Reporter | Linda Cornwall <LindaAnnCornwall>
Assignee | Steve Traylen <steve.traylen>
QA Contact | Fedora Extras Quality Assurance <extras-qa>
CC | bressers, fotis, steve.traylen
Fixed In Version | torque-3.0.1-4.fc15
Doc Type | Bug Fix
Last Closed | 2011-06-21 17:18:14 UTC
Description
Linda Cornwall
2011-06-07 14:51:55 UTC
Thanks for the report, I should have new packages in the next day or so for EPEL 4, EPEL 5, EPEL 6, Fedora 14, Fedora 15 and Fedora 16 where this vulnerability applies. Looking upstream I can see a fix submitted to HEAD for this but it does not look to be released AFAICT in any of their releases as yet. I've back-ported their patch back to the EPEL version as well. Will push updates to testing in a day or so at same time as making this bug public.

Created attachment 503747
Trivial patch for buffer overrun
This is patch pulled from trunk on SVN.
svn diff -r 4680:4681 svn://svn.clusterresources.com/torque/trunk

The upstream fix can be found via:
svn diff -r 4705:4706 svn://clusterresources.com/torque/

I'm assigning this CVE-2011-2193. If someone could tell upstream, that would be handy.

I would like to open this bug up now, since the fix is public (and clearly marked as fixing a buffer overflow in svn). Thanks

Yes: 4705:4706 is correct. I was using another branch but it's the correct fix. I had to redo the patch anyway for everything older than Fedora 15. Pushing packages now.

Hi, please open the bug up. It seems all my bodhi updates failed to update this bug with:

Update successfully created. Unable to access one or more bugs: You are not authorized to access bug #711463.. :-)

Anyway, updates are here:
https://admin.fedoraproject.org/updates/torque-2.3.13-2.el4
https://admin.fedoraproject.org/updates/torque-2.3.13-2.el5
https://admin.fedoraproject.org/updates/torque-2.5.5-2.el6
https://admin.fedoraproject.org/updates/torque-2.4.11-2.fc14
https://admin.fedoraproject.org/updates/torque-3.0.1-2.fc15

It should be public now.

torque-2.3.13-2.el4 has been submitted as an update for Fedora EPEL 4.
https://admin.fedoraproject.org/updates/torque-2.3.13-2.el4

torque-2.3.13-2.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/torque-2.3.13-2.el5

torque-2.5.5-2.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/torque-2.5.5-2.el6

torque-2.4.11-2.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/torque-2.4.11-2.fc14

torque-3.0.1-2.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/torque-3.0.1-2.fc15

torque-3.0.1-2.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/torque-3.0.1-2.fc15

Package torque-2.5.5-2.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.

Update it with:
# su -c 'yum update --enablerepo=epel-testing torque-2.5.5-2.el6'
as soon as you are able to. Please go to the following url:
https://admin.fedoraproject.org/updates/torque-2.5.5-2.el6
then log in and leave karma (feedback).

torque-2.4.11-2.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.

torque-2.3.13-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

torque-2.3.13-2.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.

torque-2.5.5-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

torque-3.0.1-4.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.