[Bug 1058277] Re: Sync condor 7.8.2~dfsg.1-1+deb7u1 (universe) from Debian unstable (main)

Dmitrijs Ledkovs launchpad at surgut.co.uk
Sat Sep 29 16:17:18 UTC 2012 

This bug was fixed in the package condor - 7.8.2~dfsg.1-1+deb7u1
Sponsored for Logan Rosen (logan)

---------------
condor (7.8.2~dfsg.1-1+deb7u1) unstable; urgency=high

  * Security update. This release addresses four CVE issues (Closes: #688210):
    - Security Item: Some code that was no longer used was removed. The presence
      of this code could expose information which would allow an attacker to
      control another user's job. (CVE-2012-3493)
    - Security Item: Some code that was no longer used was removed. The presence
      of this code could have lead to a Denial-of-Service attack which would
      allow an attacker to remove another user's idle job. (CVE-2012-3491)
    - Security Item: Filesystem (FS) authentication was improved to check the
      UNIX permissions of the directory used for authentication. Without this,
      an attacker may have been able to impersonate another submitter on the
      same submit machine. (CVE-2012-3492)
    - Security item: Check setuid return value (CVE-2012-3490)

 -- Michael Hanke <mih at debian.org>  Wed, 26 Sep 2012 16:10:17 +0200

** Changed in: condor (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1058277

Title:
  Sync condor 7.8.2~dfsg.1-1+deb7u1 (universe) from Debian unstable
  (main)

Status in “condor” package in Ubuntu:
  Fix Released

Bug description:
  Please sync condor 7.8.2~dfsg.1-1+deb7u1 (universe) from Debian
  unstable (main)

  Changelog entries since current quantal version 7.8.2~dfsg.1-1:

  condor (7.8.2~dfsg.1-1+deb7u1) unstable; urgency=high

    * Security update. This release addresses four CVE issues (Closes: #688210):
      - Security Item: Some code that was no longer used was removed. The presence
        of this code could expose information which would allow an attacker to
        control another user's job. (CVE-2012-3493)
      - Security Item: Some code that was no longer used was removed. The presence
        of this code could have lead to a Denial-of-Service attack which would
        allow an attacker to remove another user's idle job. (CVE-2012-3491)
      - Security Item: Filesystem (FS) authentication was improved to check the
        UNIX permissions of the directory used for authentication. Without this,
        an attacker may have been able to impersonate another submitter on the
        same submit machine. (CVE-2012-3492)
      - Security item: Check setuid return value (CVE-2012-3490)

   -- Michael Hanke <mih at debian.org>  Wed, 26 Sep 2012 16:10:17 +0200

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/condor/+bug/1058277/+subscriptions

More information about the Ubuntu-sponsors mailing list