Security Information / 2014 / Security Information -- DSA-2936-1 torque

Debian Security Advisory

DSA-2936-1 torque -- security update

Date Reported:

23 May 2014

Affected Packages:

torque

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 748827.
In Mitre's CVE dictionary: CVE-2014-0749.

More information:

John Fitzpatrick from MWR Labs reported a stack-based buffer overflow vulnerability in torque, a PBS-derived batch processing queueing system. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code with root privileges.

For the oldstable distribution (squeeze), this problem has been fixed in version 2.4.8+dfsg-9squeeze4.

For the stable distribution (wheezy), this problem has been fixed in version 2.4.16+dfsg-1+deb7u3.

For the unstable distribution (sid), this problem has been fixed in version 2.4.16+dfsg-1.4.

We recommend that you upgrade your torque packages.