[Beowulf] 2 Security bugs fixed in Grid Engine

Rayson Ho raysonlogin at gmail.com
Tue Apr 17 20:06:23 EDT 2012


There were 2 security-related bugs fixed and released in Grid Engine today:

- Code injection via LD_* environment variables
- sgepasswd buffer overflow

Oracle fixed both of them in their CPU (Critical Patch Update) release
for Oracle Grid Engine this afternoon.

For Sun Grid Engine (6.2u5) and Open Grid Scheduler/Grid Engine, visit:

http://gridscheduler.sourceforge.net/security.html

The first one was found by William Hay back in Nov 2011. And the
second one was reported by an outside security researcher to Oracle.
The details of the bug were passed on to me, and we (all the Grid
Engine forks) decided that we should share any security-related
information instead of putting it in marketing slides.

Download patches and pre-compiled binaries for:

- SGE 6.2u5, 6.2u5p1, 6.2u5p2
- Open Grid Scheduler/Grid Engine 2011.11

from the URL above.

To apply the patches, just replace the older version of the binaries
with the newer version.

Rayson

=================================
Open Grid Scheduler / Grid Engine
http://gridscheduler.sourceforge.net/

Scalable Grid Engine Support Program
http://www.scalablelogic.com/