Chad Vizino reported a flaw in the TORQUE Resource Manager that would allow non-root users to kill any process, including root-owned ones on any node in a job: http://seclists.org/oss-sec/2014/q4/75 The fixes in the 4.2 branch appear applicable to the version of TORQUE in Fedora and EPEL: https://github.com/adaptivecomputing/torque/commit/f2f4c950f3d461a249111c8826da3beaafccace9 https://github.com/adaptivecomputing/torque/commit/967cdc80150690459a47a35a658abeee0ca6e5cb
Created torque tracking bugs for this issue: Affects: fedora-all [bug 1149045] Affects: epel-5 [bug 1149046] Affects: epel-6 [bug 1149047]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.