This shows you the differences between two versions of the page.
oar_2.5.7 [2016/04/07 17:01] – neyron | oar_2.5.7 [2016/04/07 18:08] (current) – [Changelog] neyron
Line 6: | Line 6: | ||
===== Forword ===== | ===== Forword ===== | ||
- | Thanks to Emmanuel Thomé, | + | This version mainly brings |
+ | **highly recommended to upgrade (server, frontend(s) and nodes)**, since all | ||
+ | previous versions of OAR are affected. | ||
- | **OAR 2.5.7 fixes this vulnerability. | + | Thanks to Emmanuel Thomé, a vulnerability was discovered in OAR, which |
+ | affects all previous versions of OAR. This vulnerability allows any user | ||
+ | of a cluster managed by OAR to read parts of data which are not supposed | ||
+ | to be readable by the user. This vulnerability | ||
+ | gain root privileges on the cluster. It is in particular known to | ||
+ | eventually allow one to disclose part of private ssh keys (CVE-2016-1235). | ||
- | As usually, OAR 2.5.7 is distributed as RPM ([[download# | + | As usually, OAR 2.5.7 is distributed as RPM ([[download# |
== Note for Debian stable and old stable == | == Note for Debian stable and old stable == | ||
- | Versions of packages are frozen in Debian stable | + | Versions of packages are frozen in Debian stable |
- | + | Therefore, security update packages are also provided for Jessie (Debian | |
- | Nevertheless, | + | 8): // |
+ | fix the vulnerability. | ||
+ | However, for those stable distributions, | ||
+ | [[http:// | ||
===== Changelog ===== | ===== Changelog ===== | ||
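Review bot: the "Note for Debian stable and old stable" subsection names only Jessie (Debian 8) as receiving a security update package, although its heading also covers old stable; state explicitly whether old stable gets a fixed package too or whether those installations must move to the upstream 2.5.7 packages linked above. Minor wording, present in both revisions: the heading "Forword" should read "Foreword", and "As usually, OAR 2.5.7 is distributed" should read "As usual".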
Line 24: | Line 34: | ||
recommanded to upgrade, since all previous versions of OAR are affected. | recommanded to upgrade, since all previous versions of OAR are affected. | ||
- | * [oarsh] fix a security hole when passing option to OpenSSH. See oar.conf to | + | * [oarsh] fix a security hole when passing option to OpenSSH. See oar.conf to adapt settings to your setup, if required (OARSH_* variables) |
- | | + | * [oarsh] dropped the mechanism to select whether to use oarsh or fall back to ssh, given a list of hostname patterns |
- | * [oarsh] dropped the mechanism to select whether to use oarsh or fall back | + | |
- | | + | |
* [oarsub] fix the job-key information of the manual page | * [oarsub] fix the job-key information of the manual page | ||
* [oarsub] handle cases where trailing spaces were breaking oarsub script directives | * [oarsub] handle cases where trailing spaces were breaking oarsub script directives |
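Review bot: the entry "[oarsh] fix a security hole when passing option to OpenSSH" should cite CVE-2016-1235, which the foreword of this same revision attaches to the fix, so that someone reading only the changelog can match the release to the advisory; "option" should be "options". The entry dropping the oarsh/ssh fallback mechanism does not say which oar.conf setting becomes obsolete or what administrators should do with an existing hostname-pattern list, which the "OARSH_* variables" pointer only partly covers. Also, "recommanded" in the unchanged context line should be "recommended".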