The following RPMs are being added to SL50-SL54 to resolve some dependency issues. Depending on your version of SL5 you may already have newer versions of these packages. These packages will be made available as needed per release and not all releases will need all the packages listed here. i386: ibsim-0.5-2.el5.i386.rpm ibvexdmtools-0.0.1-12.el5.i386.rpm infiniband-diags-1.5.3-1.el5.i386.rpm libibmad-1.3.3-1.el5.i386.rpm libibmad-devel-1.3.3-1.el5.i386.rpm libibmad-static-1.3.3-1.el5.i386.rpm libibverbs-1.1.1-6.el5_1.1.i386.rpm libibverbs-devel-1.1.1-6.el5_1.1.i386.rpm libibverbs-utils-1.1.1-6.el5_1.1.i386.rpm mpi-selector-1.0.0-2.el5.noarch.rpm mpitests-mvapich2-3.2-1.el5.i386.rpm mpitests-mvapich-3.2-1.el5.i386.rpm mpitests-openmpi-3.2-1.el5.i386.rpm mvapich-1.2.0-0.3562.1.el5.i386.rpm mvapich2-1.4-1.el5.i386.rpm openmpi-1.2.3-4.el5.i386.rpm openmpi-devel-1.2.3-4.el5.i386.rpm openmpi-libs-1.2.3-4.el5.i386.rpm qlvnictools-0.0.1-8.el5.i386.rpm srptools-0.0.4-8.el5.i386.rpm x86_64: ibsim-0.5-2.el5.x86_64.rpm ibvexdmtools-0.0.1-12.el5.x86_64.rpm infiniband-diags-1.5.3-1.el5.x86_64.rpm libibmad-1.3.3-1.el5.i386.rpm libibmad-1.3.3-1.el5.x86_64.rpm libibmad-devel-1.3.3-1.el5.i386.rpm libibmad-devel-1.3.3-1.el5.x86_64.rpm libibmad-static-1.3.3-1.el5.x86_64.rpm libibverbs-1.1.1-6.el5_1.1.i386.rpm libibverbs-1.1.1-6.el5_1.1.x86_64.rpm libibverbs-devel-1.1.1-6.el5_1.1.i386.rpm libibverbs-devel-1.1.1-6.el5_1.1.x86_64.rpm libibverbs-utils-1.1.1-6.el5_1.1.x86_64.rpm mpi-selector-1.0.0-2.el5.noarch.rpm mpitests-mvapich2-3.2-1.el5.x86_64.rpm mpitests-mvapich-3.2-1.el5.x86_64.rpm mpitests-openmpi-3.2-1.el5.x86_64.rpm mvapich-1.2.0-0.3562.1.el5.x86_64.rpm mvapich2-1.4-1.el5.x86_64.rpm openmpi-1.2.3-4.el5.x86_64.rpm openmpi-devel-1.2.3-4.el5.i386.rpm openmpi-devel-1.2.3-4.el5.x86_64.rpm openmpi-libs-1.2.3-4.el5.i386.rpm openmpi-libs-1.2.3-4.el5.x86_64.rpm qlvnictools-0.0.1-8.el5.x86_64.rpm srptools-0.0.4-8.el5.x86_64.rpm On 03/21/2012 04:25 PM, Patrick Riehecky wrote: > Synopsis: Low: ibutils security and bug fix update > Issue Date: 2012-02-21 > CVE Numbers: CVE-2008-3277 > > > The ibutils packages provide InfiniBand network and path diagnostics. > > It was found that the ibmssh executable had an insecure relative RPATH > (runtime library search path) set in the ELF (Executable and Linking > Format) header. A local user able to convince another user to run ibmssh in > an attacker-controlled directory could run arbitrary code with the > privileges of the victim. (CVE-2008-3277) > > This update also fixes the following bug: > > * Under certain circumstances, the "ibdiagnet -r" command could suffer from > memory corruption and terminate with a "double free or corruption" message > and a backtrace. With this update, the correct memory management function > is used to prevent the corruption. > > All users of ibutils are advised to upgrade to these updated packages, > which contain backported patches to correct these issues. > > SL5: > i386 > ibutils-1.2-11.2.el5.i386.rpm > ibutils-debuginfo-1.2-11.2.el5.i386.rpm > ibutils-devel-1.2-11.2.el5.i386.rpm > ibutils-libs-1.2-11.2.el5.i386.rpm > x86_64 > ibutils-1.2-11.2.el5.x86_64.rpm > ibutils-debuginfo-1.2-11.2.el5.i386.rpm > ibutils-debuginfo-1.2-11.2.el5.x86_64.rpm > ibutils-devel-1.2-11.2.el5.i386.rpm > ibutils-devel-1.2-11.2.el5.x86_64.rpm > ibutils-libs-1.2-11.2.el5.i386.rpm > ibutils-libs-1.2-11.2.el5.x86_64.rpm > > - Scientific Linux Development Team -- Pat Riehecky Scientific Linux Developer