Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @


From EGIWiki
Revision as of 17:01, 11 February 2015 by Cornwall (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More


** WHITE information - Unlimited distribution allowed                       **  

** see for distribution restrictions **


Title:       EGI SVG Advisory 'Moderate' RISK - Torque CVE-2014-3684 resolved in Torque version 
             in the EGI AppDB part of the UMD [EGI-SVG-2014-7628]

Date:         2015-02-11 



A vulnerability has been announced publicly in Torque, CVE-2014-3684 [R 1], [R 2].

The patch for this has been applied to the version of Torque available in the EGI AppDB part of the UMD.  [R 3]


For details see [R 1], [R 2] 

Risk category

This issue has been assessed as 'Moderate' risk by the EGI SVG Risk Assessment Team. 

Affected software


In the AppDB (for RedHat) this is fixed in version 2.5.13-1cri-9nik In this case the patch for this specific 
vulnerability has been applied to an older version of Torque.

For Debian this has been fixed by the software providers in version 2.4.16+dfsg-1+deb7u4., and they have produced 
their advisory [R 4] 

For other software providers, see links in [R 1] and [R 2].



Component installation information

A version of Torque is provided in the AppDB area of the UMD solves all currently known problems.

This is available for el5, el6 and its derivatives, and should be suitable for most sites.   

Limited support on a best efforts basis is provided by the EGI SVG, and support is not guaranteed in the future. 


Sites are recommended to update relevant components. 

SVG alerted to Vulnerability announcement by David Crooks from Glasgow  

Patch incorporated into the SVG Fixes area of the EGI AppDB by Mischa Salle from Nikhef. 


[R 1]

[R 2]

[R 3]

[R 4]


2014-11-03 SVG alerted to Vulnerability announcement by David Crooks from Glasgow
2014-11-03 Acknowledgement from the EGI SVG to the reporter
2014-11-20 Assessment agreed at SVG meeting.
2015-02-09 Updates added to AppDB version
2015-02-11 Public disclosure