Skip to navigation

Security Advisory Moderate: condor security update

Advisory: RHSA-2013:1172-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-08-21
Last updated on: 2013-08-21
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)
CVEs (cve.mitre.org): CVE-2013-4255

Details

Updated condor packages that fix one security issue are now available for
Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

HTCondor is a specialized workload management system for compute-intensive
jobs. It provides a job queuing mechanism, scheduling policy, priority
scheme, and resource monitoring and management.

A denial of service flaw was found in the way HTCondor's policy definition
evaluator processed certain policy definitions. If an administrator used an
attribute defined on a job in a CONTINUE, KILL, PREEMPT, or SUSPEND
condor_startd policy, a remote HTCondor service user could use this flaw to
cause condor_startd to exit by submitting a job that caused such a policy
definition to be evaluated to either the ERROR or UNDEFINED states.
(CVE-2013-4255)

Note: This issue did not affect the default HTCondor configuration.

This issue was found by Matthew Farrellee of Red Hat.

All Red Hat Enterprise MRG 2.3 users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
HTCondor must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

SRPMS:
condor-7.8.8-0.4.3.el6_4.src.rpm
File outdated by:  RHSA-2013:1294
    MD5: 4156c0eedb07abe7bbd7200d53307733
SHA-256: 2902a211b9b8f727343e4908c13d3939a40307598f5a170bc14954c504aeeced
 
IA-32:
condor-7.8.8-0.4.3.el6_4.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: 038fa9851484ca5fbf42756006f08267
SHA-256: 873894b9aab1d846ecc90719e37d526408e7ae88f8a623adffa75b2bfa9956a4
condor-aviary-7.8.8-0.4.3.el6_4.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: 481509a79dce840d07141124074d15e8
SHA-256: d97db2e32c5249cd022b5fd4ca776480c16fb563907fdf911351673cac569ffd
condor-classads-7.8.8-0.4.3.el6_4.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: d9702eeeedc105aa67bb4a1fda544ad8
SHA-256: d2bf366375891b220179491b2f9487ebe254f836352ad63a2077894a951ac1f6
condor-cluster-resource-agent-7.8.8-0.4.3.el6_4.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: 7287639a2e851a918d321073891a91c7
SHA-256: 25ba6587a229631f62c4cf1ecd2ed6aac0c0a2348e259e7a8f93d175fdca6605
condor-debuginfo-7.8.8-0.4.3.el6_4.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: 5449a108c2b940657af50664214e4a40
SHA-256: 0ac772b85ffc6dc383ff225c596263124b025d4a74e4b38fc03fefbe80c5fcd5
condor-kbdd-7.8.8-0.4.3.el6_4.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: d9dacfc4e2e25b28187321782e237e7c
SHA-256: 6b84197b4ca53f9f3a977bce6d49375251024fa1ddf5ca52f78aa2f1110fa050
condor-plumage-7.8.8-0.4.3.el6_4.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: c444ac2d5730d24196c656d837173f5b
SHA-256: 330133303bd2d15b599685f6e7aa0ffdf55c875bb1072687e1b33e1187932b74
condor-qmf-7.8.8-0.4.3.el6_4.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: b27d9d09bf8dd644f0889b978179ff62
SHA-256: 42bca82c8ce66343de0958c862d6a49a209ffa75e0ac69b15ace153e0ef3d959
 
x86_64:
condor-7.8.8-0.4.3.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: 1ce1b6bf1579287218ef7657a01cc109
SHA-256: a1a1cefd7cce183bd65cdf08473e30ef65792c9e2b4c0ee0ddebe3c3d03fb15c
condor-aviary-7.8.8-0.4.3.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: 9af3554d109a0a43e801badaf66b70e8
SHA-256: 06a41b63e79bbc69cb6b2fa663508b73bba58f00099ce7a81537d088501f5d1d
condor-classads-7.8.8-0.4.3.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: ba05f9d72891112f932822662d2a2014
SHA-256: 28fa9bc53a41be768c1e8a09092e7d3515d4f27f24ab8af4e4e44afc9b9a4c82
condor-cluster-resource-agent-7.8.8-0.4.3.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: 53f0e6900a41bf8c6995800893eac03e
SHA-256: 552d39bdf5c03e2153543bf94026cc10e2ee9c939491c0672fd200837d89b38e
condor-debuginfo-7.8.8-0.4.3.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: 20d6b94784df83a6d140a964e7991036
SHA-256: 74be8641454e68a147f740df7db5955aacaa2c41361938974142de8a0062cfc8
condor-deltacloud-gahp-7.8.8-0.4.3.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: c2d7678dc1dae9d353fd5e80f2915aab
SHA-256: 7f6b3552b0c1f98b4b64d064cb08d853e1bd3559cad48f7b536aea6cf7e5dc75
condor-kbdd-7.8.8-0.4.3.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: 5af5a32d5a880cb0da29daedb01308aa
SHA-256: 4239ecddf7a0c75b5cd78c4a4a44bf9c369adbb83204466cfe18f54c757354b4
condor-plumage-7.8.8-0.4.3.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: bb54489db2db791c6f9fbb3f85c52422
SHA-256: 73136d67e3c3e93578640e0581818779e76f8842c658b4075ccd8b069ddfb0f4
condor-qmf-7.8.8-0.4.3.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: 9cdc51e21c966d1acc36fa254ce90b43
SHA-256: 5e2586a946a2e20f34f8ae5b57d509d305a8d3cd51d5a01f03be6c02c55dd288
condor-vm-gahp-7.8.8-0.4.3.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: 851fafc5a72c16fba84416dc493dc63e
SHA-256: efbce22ab522d02a7948ea7e7f7842246ee3f1cc4603c8287953e91d000f68e5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

919401 - CVE-2013-4255 condor: condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/