Izdana je nadogradnja za programski paket gridengine, za operacijske sustave Fedora 15, 16 i 17. Spomenuta nadogradnja otklanja propuste koji napadačima omogućuju umetanje proizvoljnog koda.
| Paket: | gridengine |
| Operacijski sustavi: | Fedora 15, Fedora 16, Fedora 17 |
| Problem: | nepoznat |
| Iskorištavanje: | lokalno/udaljeno |
| Posljedica: | proizvoljno izvršavanje programskog koda |
| Rješenje: | programska zakrpa proizvođača |
| Izvorni ID preporuke: | FEDORA-2012-6179 |
| Izvor: | Fedora |
| Problem: | |
| Zasad nisu poznati detalji uzroka spomenutih propusta. |
|
| Posljedica: | |
| Napadaču uspješna zlouporaba omogućuje umetanje proizvoljnog programskog koda. |
|
| Rješenje: | |
| Kao zaštita od napada, savjetuje se preuzimanje novih inačica paketa. |
|
Izvorni tekst preporuke
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-6179
2012-04-19 05:02:48
--------------------------------------------------------------------------------
Name : gridengine
Product : Fedora 16
Version : 6.2u5p2
Release : 7.fc16.3
URL : http://gridengine.sunsource.net/
Summary : Grid Engine - Distributed Computing Management software
Description :
In a typical network that does not have distributed resource management
software, workstations and servers are used from 5% to 20% of the time.
Even technical servers are generally less than fully utilized. This
means that there are a lot of cycles that can be used productively if
only users know where they are, can capture them, and put them to work.
Grid Engine finds a pool of idle resources and harnesses it
productively, so an organization gets as much as five to ten times the
usable power out of systems on the network. That can increase utilization
to as much as 98%.
Grid Engine software aggregates available compute resources and
delivers compute power as a network service.
These are the local files shared by both the qmaster and execd
daemons. You must install this package in order to use any one of them.
--------------------------------------------------------------------------------
Update Information:
- Security update to prevent environment code injection and two other security
issues.
- Use hardened build.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 17 2012 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 6.2u5p2-7.3
- Set _hardened_build
- Add two more upstream security patches
- Renumber patches
* Tue Apr 17 2012 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 6.2u5p2-7.2
- Add upstream env-code-injection security patch
* Thu Mar 15 2012 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 6.2u5p2-7.1
- Use sge_/SGE_ in man pages
* Wed Mar 14 2012 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 6.2u5p2-7
- Remove qacct and sge_qmaster from BINFILES checks (Bug 803502)
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gridengine' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-6177
2012-04-19 05:02:42
--------------------------------------------------------------------------------
Name : gridengine
Product : Fedora 15
Version : 6.2u5
Release : 10.fc15.3
URL : http://gridengine.sunsource.net/
Summary : Grid Engine - Distributed Computing Management software
Description :
In a typical network that does not have distributed resource management
software, workstations and servers are used from 5% to 20% of the time.
Even technical servers are generally less than fully utilized. This
means that there are a lot of cycles that can be used productively if
only users know where they are, can capture them, and put them to work.
Grid Engine finds a pool of idle resources and harnesses it
productively, so an organization gets as much as five to ten times the
usable power out of systems on the network. That can increase utilization
to as much as 98%.
Grid Engine software aggregates available compute resources and
delivers compute power as a network service.
These are the local files shared by both the qmaster and execd
daemons. You must install this package in order to use any one of them.
--------------------------------------------------------------------------------
Update Information:
- Security update to prevent environment code injection and two other security
issues.
- Use hardened build.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 17 2012 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 6.2u5-10.3
- Add upstream env-code-injection security patch
* Thu Mar 15 2012 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 6.2u5-10.2
- Use sge_/SGE_ in man pages
* Wed Mar 14 2012 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 6.2u5-10.1
- Remove qacct and sge_qmaster from BINFILES checks (Bug 803502)
* Fri Jul 29 2011 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 6.2u5-10
- Move sge_*shepherd to execd sub-package
* Thu Jun 23 2011 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 6.2u5-9
- Use system jemalloc library, fixes FTBFS bug 715676
- Cleanup some '//' in include paths triggering debugedit failures
* Fri May 6 2011 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 6.2u5-8
- Add patches from opengridscheduler to fix vmem reporting and
slotwise preemption
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gridengine' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-6112
2012-04-18 22:00:17
--------------------------------------------------------------------------------
Name : gridengine
Product : Fedora 17
Version : 2011.11
Release : 3.svn131.fc17
URL : http://gridscheduler.sourceforge.net/
Summary : Grid Engine - Distributed Computing Management software
Description :
In a typical network that does not have distributed resource management
software, workstations and servers are used from 5% to 20% of the time.
Even technical servers are generally less than fully utilized. This
means that there are a lot of cycles that can be used productively if
only users know where they are, can capture them, and put them to work.
Grid Engine finds a pool of idle resources and harnesses it
productively, so an organization gets as much as five to ten times the
usable power out of systems on the network. That can increase utilization
to as much as 98%.
Grid Engine software aggregates available compute resources and
delivers compute power as a network service.
These are the local files shared by both the qmaster and execd
daemons. You must install this package in order to use any one of them.
--------------------------------------------------------------------------------
Update Information:
- Security update to prevent environment code injection and two other security
issues.
- Use hardened build.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gridengine' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke