Security Advisory Moderate: condor security update

Advisory: RHSA-2013:1171-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-08-21
Last updated on: 2013-08-21
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5)
CVEs ( CVE-2013-4255


Updated condor packages that fix one security issue are now available for
Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

HTCondor is a specialized workload management system for compute-intensive
jobs. It provides a job queuing mechanism, scheduling policy, priority
scheme, and resource monitoring and management.

A denial of service flaw was found in the way HTCondor's policy definition
evaluator processed certain policy definitions. If an administrator used an
attribute defined on a job in a CONTINUE, KILL, PREEMPT, or SUSPEND
condor_startd policy, a remote HTCondor service user could use this flaw to
cause condor_startd to exit by submitting a job that caused such a policy
definition to be evaluated to either the ERROR or UNDEFINED states.

Note: This issue did not affect the default HTCondor configuration.

This issue was found by Matthew Farrellee of Red Hat.

All Red Hat Enterprise MRG 2.3 users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
HTCondor must be restarted for the update to take effect.


Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5)

File outdated by:  RHSA-2015:0036
    MD5: 966a633bc4d655877547101da3e7eec8
SHA-256: 1966036dc18db75d40d8078cc4c705b1f90705451c14db83e93bbd05e2ece5e2
File outdated by:  RHSA-2015:0036
    MD5: 731f247936359821535656512cb79a2b
SHA-256: e4d0b3c446a519928d2a532c8f92d1a83ac36f88e4452c5063e37068f7f3670d
File outdated by:  RHSA-2015:0036
    MD5: 2d508042c41f8eea2142058b2c8cbb8e
SHA-256: 9d0dfb8a959c6124a738b1948c21fd22e55b282c0fb61d284d60545c6af7535d
File outdated by:  RHSA-2015:0036
    MD5: 45d9d6196a89afbf022333b29b8b9010
SHA-256: a0445b2ae2bc1c3ddd8eee9e299d70b7ed8869434bde3766ec4701a27096681b
File outdated by:  RHSA-2015:0036
    MD5: b043f1f4d25a1a19afcd58e88217d678
SHA-256: ee72606ad88b26384a47fac96006c2b6b283ac67f23518a2060d61e849f1013b
File outdated by:  RHSA-2015:0036
    MD5: 71d00017b4033997cecbbe8bea810265
SHA-256: 41ab23a16c23fd2245805c40e7fb98173bc71679e3b1513bd10dbcac8c7cd789
File outdated by:  RHSA-2015:0036
    MD5: a22eed87e904eae029aee8639851bfd0
SHA-256: 1e3d30c417bcbe7989e0f91b74c3709ed7f92d8b64d41bd406b504c1b7e5f104
File outdated by:  RHSA-2015:0036
    MD5: bd06384dd5d940d737f5d6fe898bda1a
SHA-256: 82eea59cc32960229d36c12bc7f47f072164029ab8d6015ab417bd780e4e4c7f
File outdated by:  RHSA-2015:0036
    MD5: d1ee5d828af954e5ed20ce1541f94814
SHA-256: 1448e4686fcfa8868c46f50060112a4084acce4da9966aaf97d1ba23813d3a2f
File outdated by:  RHSA-2015:0036
    MD5: f2971e70b2d13d087b2e6bd9c878e6f7
SHA-256: 0dae4b22b1794f04a4dfb5a628299a86f704f7da095980da5fa16be06aa231e6
File outdated by:  RHSA-2015:0036
    MD5: 51056e301fb42aeeee619f0213501df1
SHA-256: 0eb02a3aec57448fbeddbeb9f87a4e4a9fac68ff69a66c891be2949567d6400c
File outdated by:  RHSA-2015:0036
    MD5: cc3416508cbfb560a5deb37d22f9667e
SHA-256: 1d9a6aa714672b224b53365886f854331c27c437b9935698cac49367e3b19313
File outdated by:  RHSA-2015:0036
    MD5: a99b67abe7cc53ac9c4464ee51554c7e
SHA-256: c1335a61a03073945d8113c8a580ab4d8893a94a35f70de13306c3001fa65172
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

919401 - CVE-2013-4255 condor: condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at