Skip to navigation

Security Advisory Moderate: Red Hat Enterprise MRG Grid 2.4 security update

Advisory: RHSA-2013:1294-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-10-01
Last updated on: 2013-10-01
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)
CVEs (cve.mitre.org): CVE-2013-4284

Details

Updated Grid component packages that fix one security issue, multiple bugs,
and add various enhancements are now available for Red Hat Enterprise MRG
2.4 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to
achieve higher peak computing capacity as well as improved infrastructure
utilization by leveraging their existing technology to build high
performance grids. MRG Grid provides a job-queueing mechanism, scheduling
policy, and a priority scheme, as well as resource monitoring and resource
management. Users submit their jobs to MRG Grid, where they are placed into
a queue. MRG Grid then chooses when and where to run the jobs based upon a
policy, carefully monitors their progress, and ultimately informs the user
upon completion.

A denial of service flaw was found in the way cumin, a web management
console for MRG, processed certain Ajax update queries. A remote attacker
could use this flaw to issue a specially crafted HTTP request, causing
excessive use of CPU time and memory on the system. (CVE-2013-4284)

The CVE-2013-4284 issue was discovered by Tomas Novacik of Red Hat.

These updated packages for Red Hat Enterprise Linux 6 provide numerous
enhancements and bug fixes for the Grid component of MRG. Some of the most
important enhancements include:

* Improved resource utilization with scheduler driven slot partitioning
* Enhanced integration with existing user & group management
technology, specifically allowing group and netgroup specifications in
HTCondor security policies
* Addition of global job priorities, allowing for priority to span
scaled-out queues
* Reduced memory utilization per running job

Space precludes documenting all of these changes in this advisory. Refer to
the Red Hat Enterprise MRG 2 Technical Notes document, available shortly
from the link in the References section, for information on these changes.

All users of the Grid capabilities of Red Hat Enterprise MRG are advised to
upgrade to these updated packages, which correct this issue, and fix the
bugs and add the enhancements noted in the Red Hat Enterprise MRG 2
Technical Notes.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

SRPMS:
condor-7.8.9-0.5.el6.src.rpm     MD5: d9594a9445e402dc2d1b661170760285
SHA-256: 439538b08616248fc37fb78a852083489744222116a0700e198c17fa57238e9b
cumin-0.1.5786-2.el6.src.rpm
File outdated by:  RHSA-2013:1852
    MD5: bff6e54c8b9a8fdb3233c8cca27a9a89
SHA-256: c4f385af8ac6408832b20132cd8fd34c51c06738688a22fd0067541d6de03167
mrg-release-2.4.0-1.el6.src.rpm     MD5: 0886daa4df3199382c46eb392c83f659
SHA-256: 8c8bc441eac3feb541c7edad60547e70a7341459a21dd99daa89d69b0da22d3c
 
IA-32:
condor-7.8.9-0.5.el6.i686.rpm     MD5: bc33102f6231647f3bec4fa752203617
SHA-256: fd04c2a380a5a2b9a4d3cb720a32557f64d045c07644194715bbcb047b979ab5
condor-aviary-7.8.9-0.5.el6.i686.rpm     MD5: 9dff8b26a7b54d3682e8eb117e8cf9dd
SHA-256: e27f656672bf9a92f5ab919b002751ffb0a58db8b0e458040d72a048ca18f8de
condor-classads-7.8.9-0.5.el6.i686.rpm     MD5: 3580e5794d9768c973964ff06b232e74
SHA-256: a03c1d4128d6abcf417449d564b9737485b6ca759235912322d62d458b5e3e6d
condor-cluster-resource-agent-7.8.9-0.5.el6.i686.rpm     MD5: b0da0730072390a6292118de591d63ac
SHA-256: 4ea6853ca9d67c784e320ee772e88cafd0e05735eaefd4780fdab06e27ea3277
condor-debuginfo-7.8.9-0.5.el6.i686.rpm     MD5: 3594b4fa3dd1443748aa8be21e1ba06c
SHA-256: 90ddbfd9df6d65db9cefb5982c7c7ba80f1ac5636642da2222414509abd9f982
condor-kbdd-7.8.9-0.5.el6.i686.rpm     MD5: 2b976543b285ea105f1432da8437755a
SHA-256: 5710cdc864beb56f79934a9054ee7fe325782e264d88eaa3426c74fb40f307ed
condor-plumage-7.8.9-0.5.el6.i686.rpm     MD5: e12af6b4200a57036328697a511cf44f
SHA-256: 6be5c0cd5c8f50bdeb59628cacce1e1386fbc404ff26c8be29a0f701bb5604e2
condor-qmf-7.8.9-0.5.el6.i686.rpm     MD5: 2d495a9c3569c7a8da77310246b65026
SHA-256: cfa44355a400f7cec100f2b50aef4e79d25757faedea6bcd61e7c656732019e7
cumin-0.1.5786-2.el6.noarch.rpm
File outdated by:  RHSA-2013:1852
    MD5: 79ec97062622b57eca0d78c294bf1649
SHA-256: 14212f7ae60ce43490e763cc85746732dee52aaea213ae3ecb1d851325338cd0
mrg-release-2.4.0-1.el6.noarch.rpm     MD5: 75e6a059bde1b344e536b31401c2af55
SHA-256: 21e1feb43be901f71d7d44b376b0fbdfb9090bfc528448ba382fa8d5c59b2a36
 
x86_64:
condor-7.8.9-0.5.el6.x86_64.rpm     MD5: 8896253cd3e024f22e7185e829d3e3b6
SHA-256: 72691bc1be4e4f28d3bf13b63e20e58b200a464347f564c4b43f83bd4cfabf92
condor-aviary-7.8.9-0.5.el6.x86_64.rpm     MD5: 5188decb68d5636990f54676c24a82f1
SHA-256: 6fa49062a952798f3345475be5d2e4ea27bde3ec36c35419fac05ba37adf23f6
condor-classads-7.8.9-0.5.el6.x86_64.rpm     MD5: f886b8dc78190e64bf7b2dd4113296c6
SHA-256: c086d0176f58bae534b9dace58e9e13a1ce9f76a0001cbd56366549b847f4385
condor-cluster-resource-agent-7.8.9-0.5.el6.x86_64.rpm     MD5: 09133ae5bac3c450a6337ad04396d74f
SHA-256: b767b3bce3e61065a5273290aae3847d77599fdb433f5246c32b0dffdb638e6c
condor-debuginfo-7.8.9-0.5.el6.x86_64.rpm     MD5: 43fa9ce06170975ace89410a656fec3d
SHA-256: 6f152dadc7ce872e754597b25afaf88751f9e065b06576dd119f28d73fd8a57c
condor-deltacloud-gahp-7.8.9-0.5.el6.x86_64.rpm     MD5: 63b34e1fc6b25436eb2728c9dc9ffea9
SHA-256: d5e67bd2abc4020e9ecaccaa081d34a073bba4e4c96fb6809955f4a95147724c
condor-kbdd-7.8.9-0.5.el6.x86_64.rpm     MD5: 1b621f48842306678a2877fbd963c6e6
SHA-256: c16273f6800932db8a25602ea4a437cc186a4eebd194ee0c85316bdd0a6509c8
condor-plumage-7.8.9-0.5.el6.x86_64.rpm     MD5: 8b5e1ff33fe6b65f74b7eeecc71a9335
SHA-256: 36bac6c58613b54c1f809b16022476fb9cb5bd1b2f8852c4d23f17b15119ebe4
condor-qmf-7.8.9-0.5.el6.x86_64.rpm     MD5: 6f1a525ef1580904e160b01ca5d4c559
SHA-256: 4837c20087502ce54619cfa983fd6d54b2f6b8ca1e87c6ebfa599287caa96c48
condor-vm-gahp-7.8.9-0.5.el6.x86_64.rpm     MD5: a7d91049bfb7525ab074669468d658b3
SHA-256: 94d01d70affcbcfaf2581e55e0b9756f0d02ce77e5d4a0821560c5ec48121794
cumin-0.1.5786-2.el6.noarch.rpm
File outdated by:  RHSA-2013:1852
    MD5: 79ec97062622b57eca0d78c294bf1649
SHA-256: 14212f7ae60ce43490e763cc85746732dee52aaea213ae3ecb1d851325338cd0
mrg-release-2.4.0-1.el6.noarch.rpm     MD5: 75e6a059bde1b344e536b31401c2af55
SHA-256: 21e1feb43be901f71d7d44b376b0fbdfb9090bfc528448ba382fa8d5c59b2a36
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

794818 - RFE: Support multiple claims from p-slots in negotiation loop
986214 - CVE-2013-4284 cumin: Denial of service due to improper handling of certain Ajax requests


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/