There were 2 security related bugs fixed and released in Grid Engine today:
- Code injection via LD_* environment variables - sgepasswd buffer overflow Oracle fixed both of them in their CPU (Critical Patch Update) release for Oracle Grid Engine this afternoon. For Sun Grid Engine (6.2u5) and Open Grid Scheduler/Grid Engine, visit: http://gridscheduler.sourceforge.net/security.html The first one was found by William Hay back in Nov 2011. And the second one was reported by an outside security researcher to Oracle. The details of the bug were passed onto me, and we (all the Grid Engine forks) decided that we should share any security related information instead of putting it in marketing slides. Download patches and pre-compiled binaries for: - SGE 6.2u5, 6.2u5p1, 6.2u5p2 - Open Grid Scheduler/Grid Engine 2011.11 from the URL above. To apply the patches, just replace the older version of the binaries with the newer version. Rayson ================================= Open Grid Scheduler / Grid Engine http://gridscheduler.sourceforge.net/ Scalable Grid Engine Support Program http://www.scalablelogic.com/ _______________________________________________ Beowulf mailing list, [email protected] sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
