Updated condor packages that fix one security issue are now available forRed Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 6.Red Hat Product Security has rated this update as having Important securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.

HTCondor is a specialized workload management system for compute-intensivejobs. It provides a job queuing mechanism, scheduling policy, priorityscheme, and resource monitoring and management.The HTCondor scheduler can optionally notify a user of completed jobs bysending an email. Due to the way the daemon sent the email message,authenticated users able to submit jobs could execute arbitrary code withthe privileges of the condor user. (CVE-2014-8126)This issue was discovered by Florian Weimer of Red Hat Product Security.All Red Hat Enterprise MRG 2.5 users are advised to upgrade to theseupdated packages, which contain a backported patch to correct this issue.HTCondor must be restarted for the update to take effect.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.This update is available via the Red Hat Network. Details on how touse the Red Hat Network to apply this update are available athttps://access.redhat.com/articles/11258Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

SRPMS:
condor-7.8.10-0.2.el6.src.rpm
    MD5: 411ece33802402a60b0daa42a1a97160SHA-256: f523ab1688819a96af21e091de13e2f56ffca11400822cb76442487bd39b048e
 
IA-32:
condor-7.8.10-0.2.el6.i686.rpm
    MD5: 25dc6e8c20382c604f3aaf7aece415fdSHA-256: aed31e3268c721bde79a0b3dabf6d8d8f603df61f740b7cb22ece912451f000c
condor-aviary-7.8.10-0.2.el6.i686.rpm
    MD5: e0a2742fe8dd05d9fab758dd83e56de5SHA-256: 607e9c2ff7dd3be6f1da1a38ce301894e844ec1a4ec6130e34bdc6845ad6b1b5
condor-classads-7.8.10-0.2.el6.i686.rpm
    MD5: 044a9b9df67b3346ca7b0461f12bf95aSHA-256: 6e09cd49d0d2655033b985ce5876e913adaa705715bbe72e8c60fb11395b2e40
condor-cluster-resource-agent-7.8.10-0.2.el6.i686.rpm
    MD5: fc383bf368b7681b24c5f65e4886975fSHA-256: e771fbc16a80924ceed508c5dbdc6f8cc48c8f06714c6cb490c77e96cf3900ff
condor-debuginfo-7.8.10-0.2.el6.i686.rpm
    MD5: fbdf244d7f33e89ab48e0470b1327944SHA-256: 92419828890c11e8dd3cf2145305e55768565d89803620525b2622d411a3085b
condor-kbdd-7.8.10-0.2.el6.i686.rpm
    MD5: 66d8edeb3ef63a0c35b20a3ebe44396fSHA-256: 6e4f33df095e32bd553cc2299c219381cf80d39bd485708ddabc40c14a26b9dd
condor-plumage-7.8.10-0.2.el6.i686.rpm
    MD5: 2c6b06753c50470691443c88d5157592SHA-256: f5099385f7acdafc2d3af3fdd99c3f7abbc3250ca4042bc200cfb297a2cd3580
condor-qmf-7.8.10-0.2.el6.i686.rpm
    MD5: 1691c26a2474c602c310d2bb5f637ceeSHA-256: 03e9dacd17b81753b21faec08ae56adcf8a8ca1e56c6bdc19fbac330b28945fa
 
x86_64:
condor-7.8.10-0.2.el6.x86_64.rpm
    MD5: a8b6952f458ebd2062081838bf421ff5SHA-256: 9841fb84fb496e774d889f10e4e2e8d40ba5a1e8062096e48baada6aebc23a65
condor-aviary-7.8.10-0.2.el6.x86_64.rpm
    MD5: 76b629c55ad025053d036b6662b87271SHA-256: 04a7b5c3e2ff213c7ebb58919e679f77d2422fd1ece32a7d871f1fee18ccff49
condor-classads-7.8.10-0.2.el6.x86_64.rpm
    MD5: f666353843f36388d3f00138c90125c8SHA-256: 8113142b95ce985505a3d6710d4a7fe085e72c886d0b9d5d94181f1cf55099c9
condor-cluster-resource-agent-7.8.10-0.2.el6.x86_64.rpm
    MD5: d2ec03e731ec7a00d57511ffe9074343SHA-256: 1e150c804ce996247879d92d3773458c73a9ebc5d2eb37a3a74b3900caddddb9
condor-debuginfo-7.8.10-0.2.el6.x86_64.rpm
    MD5: 9e145396fd914769b343c1945194a466SHA-256: cc02cdcebef3552995e51dca68a59335013b6e0f43b0b24939f0d8e5ee860dde
condor-deltacloud-gahp-7.8.10-0.2.el6.x86_64.rpm
    MD5: 77488ffe72606935ad9f3b12aa7c1c63SHA-256: 72a223aea04d879517703e0d91aca7b86249c4e2ef935870f2b64e816cb5c3cc
condor-kbdd-7.8.10-0.2.el6.x86_64.rpm
    MD5: c2fb8b8233b353a185a52de45f4bce59SHA-256: ac36b8fc930862ec23d99c29884d0d0e532d762c0877a41a91658d0e0fedbcec
condor-plumage-7.8.10-0.2.el6.x86_64.rpm
    MD5: 78e7fdedd28116602e9f9d6b8e5b54bcSHA-256: 01dbabceda9774893d80ca8e734c306684e9bcc1deef12c7c17e6d5824597ce7
condor-qmf-7.8.10-0.2.el6.x86_64.rpm
    MD5: a758c172148f076b79f98b9e903ec77cSHA-256: 254b4b7166bfea8fb29a549fe119c58d4f36d68bdc61d8dd70bb062f9f389074
condor-vm-gahp-7.8.10-0.2.el6.x86_64.rpm
    MD5: 67d7b3d1cab2645133fde1cbc3014c4fSHA-256: 8624e1b754302555ce07b59ba3a02502fe05b259eb4ff5720af1ffc9b18a29df
 
(The unlinked packages above are only available from the Red Hat Network)
1169800 – CVE-2014-8126 condor: mailx invocation enables code execution as condor user

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply