Security Advisory Moderate: MRG Grid security, bug fix, and enhancement update

Advisory: RHSA-2012:0100-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-02-06
Last updated on: 2012-02-06
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5)
CVEs (cve.mitre.org): CVE-2011-4930

Details

Updated Grid component packages that fix multiple security issues, multiple
bugs, and add various enhancements are now available for Red Hat Enterprise
MRG 2 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to
achieve higher peak computing capacity as well as improved infrastructure
utilization by leveraging their existing technology to build high
performance grids. MRG Grid provides a job-queueing mechanism, scheduling
policy, and a priority scheme, as well as resource monitoring and resource
management. Users submit their jobs to MRG Grid, where they are placed into
a queue. MRG Grid then chooses when and where to run the jobs based upon a
policy, carefully monitors their progress, and ultimately informs the user
upon completion.

Multiple format string flaws were found in Condor. An authenticated Condor
service user could use these flaws to prevent other jobs from being
scheduled and executed, crash the condor_schedd daemon, or, possibly,
execute arbitrary code with the privileges of the "condor" user.
(CVE-2011-4930)

These updated packages for Red Hat Enterprise Linux 5 provide enhancements
and bug fixes for the Grid component of MRG. Some select enhancements and
fixes include:

* Addition of -sort option to condor_status

* Customized output from condor_q -run for EC2 jobs

* Enhanced the summary line provided by condor_q

* Improved Collector performance around blocking network calls

* Fixed a memory leak associated with python-psycopg2 hit by cumin-data

Space precludes documenting all of these changes in this advisory. Refer to
the Red Hat Enterprise MRG 2 Technical Notes document for information on
these changes:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/index.html

All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised
to upgrade to these updated packages, which resolve the issues and add the
enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5)

SRPMS:
condor-7.6.5-0.12.el5.src.rpm
File outdated by: RHSA-2015:0036
condor-ec2-enhanced-1.3.0-1.el5.src.rpm
File outdated by: RHSA-2013:0564
condor-ec2-enhanced-hooks-1.3.0-1.el5.src.rpm
File outdated by: RHSA-2013:0564
condor-wallaby-base-db-1.19-1.el5.src.rpm
File outdated by: RHSA-2013:0564
cumin-0.1.5192-1.el5.src.rpm
File outdated by: RHBA-2014:1950
python-psycopg2-2.0.14-3.el5.src.rpm
ruby-spqr-0.3.5-1.el5.src.rpm
File outdated by: RHSA-2013:0564
wallaby-0.12.5-1.el5.src.rpm
File outdated by: RHSA-2013:0564
 
IA-32:
condor-7.6.5-0.12.el5.i386.rpm
File outdated by: RHSA-2015:0036
condor-aviary-7.6.5-0.12.el5.i386.rpm
File outdated by: RHSA-2015:0036
condor-classads-7.6.5-0.12.el5.i386.rpm
File outdated by: RHSA-2015:0036
condor-ec2-enhanced-1.3.0-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
condor-ec2-enhanced-hooks-1.3.0-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
condor-kbdd-7.6.5-0.12.el5.i386.rpm
File outdated by: RHSA-2015:0036
condor-qmf-7.6.5-0.12.el5.i386.rpm
File outdated by: RHSA-2015:0036
condor-vm-gahp-7.6.5-0.12.el5.i386.rpm
File outdated by: RHSA-2015:0036
condor-wallaby-base-db-1.19-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
cumin-0.1.5192-1.el5.noarch.rpm
File outdated by: RHBA-2014:1950
python-condorec2e-1.3.0-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
python-psycopg2-2.0.14-3.el5.i386.rpm
python-wallaby-0.12.5-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
ruby-spqr-0.3.5-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
ruby-wallaby-0.12.5-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
spqr-gen-0.3.5-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
wallaby-0.12.5-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
wallaby-utils-0.12.5-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
 
x86_64:
condor-7.6.5-0.12.el5.x86_64.rpm
File outdated by: RHSA-2015:0036
condor-aviary-7.6.5-0.12.el5.x86_64.rpm
File outdated by: RHSA-2015:0036
condor-classads-7.6.5-0.12.el5.x86_64.rpm
File outdated by: RHSA-2015:0036
condor-ec2-enhanced-1.3.0-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
condor-ec2-enhanced-hooks-1.3.0-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
condor-kbdd-7.6.5-0.12.el5.x86_64.rpm
File outdated by: RHSA-2015:0036
condor-qmf-7.6.5-0.12.el5.x86_64.rpm
File outdated by: RHSA-2015:0036
condor-vm-gahp-7.6.5-0.12.el5.x86_64.rpm
File outdated by: RHSA-2015:0036
condor-wallaby-base-db-1.19-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
cumin-0.1.5192-1.el5.noarch.rpm
File outdated by: RHBA-2014:1950
python-condorec2e-1.3.0-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
python-psycopg2-2.0.14-3.el5.x86_64.rpm
python-wallaby-0.12.5-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
ruby-spqr-0.3.5-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
ruby-wallaby-0.12.5-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
spqr-gen-0.3.5-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
wallaby-0.12.5-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
wallaby-utils-0.12.5-1.el5.noarch.rpm
File outdated by: RHSA-2013:0564
 
(The unlinked packages above are only available from the Red Hat Network)
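
To confirm that a host actually carries the versions shipped by this erratum, installed packages can be compared against the package list above. The following is an added example, not Red Hat tooling: the inventory is a constructed sample, only a subset of the packages is listed, and the comparison assumes no epoch and no `~` or `^` in version strings.

```python
import re

# Fixed version-release per package, from this advisory's package list (subset).
FIXED = {
    "condor": "7.6.5-0.12.el5",
    "condor-qmf": "7.6.5-0.12.el5",
    "cumin": "0.1.5192-1.el5",
    "python-psycopg2": "2.0.14-3.el5",
}

def rpmvercmp(a, b):
    """Segment-wise comparison following rpm's ordering rules (no '~'/'^')."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings; epoch is assumed absent."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def outdated(inventory):
    """Return [(name, installed, fixed)] for packages older than the erratum."""
    hits = []
    for line in inventory.strip().splitlines():
        name, evr = line.split()
        if name in FIXED and evr_cmp(evr, FIXED[name]) < 0:
            hits.append((name, evr, FIXED[name]))
    return hits

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
SAMPLE = """
condor 7.6.3-0.3.el5
condor-qmf 7.6.5-0.12.el5
cumin 0.1.5192-1.el5
python-psycopg2 2.0.14-2.el5
bash 3.2-32.el5
"""

if __name__ == "__main__":
    for name, have, want in outdated(SAMPLE):
        print(f"{name}: installed {have}, erratum ships {want}")
```

Releases are compared segment by segment, so `0.12.el5` sorts after `0.3.el5`; a plain string comparison would get this wrong.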

Bugs fixed (see bugzilla for more information)

613931 - cannot delete user name from condor_userprio -all and wrong resource number
748735 - Cumin generates application error: TypeError: len() of unsized object from cumin/objectframe.py, line 298
750063 - condor_q -run w/ EC2 should display EC2RemoteVirtualMachine
751072 - Some condor_* commands with valid parameter '-help' return non zero exit code
751779 - Up-time display for Scheduler object is not dd:hh:mm
751834 - Hardcoded resource URL (ec2.amazonaws.com)
752322 - Suspended jobs should be displayed in condor_q summary line
753829 - Dag submissions have incorrect job totals from plugin publisher
754202 - History file and index management during condor_job_server runtime
756401 - SPQR defaults to PLAIN authentication if a username is specified
756402 - SPQR does not support every authentication mechanism available in qmfengine
759154 - Script sshd.sh print 0 as error code of some utilities instead of returned code
759200 - Memory leak in python-psycopg2
759433 - OpenMPI job fails when sshd.sh putting identity keys back.
759548 - CVE-2011-4930 Condor: Multiple format string flaws
761165 - EC2AvailabilityZone misspelled
761588 - condor_schedd.init script isn't removing pidfile
765713 - Memory usage graph - gray collor
765846 - Submit VM job - doesn't work
771642 - Cumin generates application error: AttributeError: 'int' object has no attribute 'name', wallabyoperations.py line 420
773680 - Released job doesn't start
782485 - Exception on Inventory page after wallaby remove-node
782902 - Inventory page with sesame and wallaby data can see values disappear temporarily


References


Keywords

2.1.1, Bug, Enhancements, Fix, Grid, Management, MRG, Security


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/