CVE-2011-2907: authentication bypass in torque

[Vincent Danen <vdanen () redhat com>]

Just a heads up on a security flaw in torque that can makes it
vulnerable to an authorization bypass.

The gory details are available here:

http://www.clusterresources.com/pipermail/torqueusers/2011-August/013194.html
https://bugzilla.redhat.com/show_bug.cgi?id=713090

The long and short of it is that if you ship torque compiled with munge
support, you are not vulnerable.

This issue was assigned the name CVE-2011-2907.

--
Vincent Danen / Red Hat Security Response Team