The Red Hat High Performance Computing (HPC) Solution version 5.5 for Red Hat Enterprise Linux 5.5, or RHHPC 5.5, is now available, fixing multiple security issues, multiple bugs, and adding several enhancements. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The Red Hat HPC Solution is a low-cost, end-to-end software stack for high performance computing. It provides all the tools needed to deploy, run, and manage an HPC cluster in one easy-to-install package. It is designed to power departmental clusters running industry-standard x86 64-bit hardware. This update introduces the Red Hat HPC Solution version 5.5 for Red Hat Enterprise Linux 5.5, RHHPC 5.5. (BZ#599419) RHHPC 5.5 changes include: * add-on kits updated according to the new upstream released version. * many bug fixes for PCM, and enhancements for image/diskless provisioning. The Cacti RRD graphing tool was updated to version 0.8.7g, fixing multiple security flaws: Multiple SQL injection flaws were discovered in Cacti. An unauthenticated, or authenticated user with certain administrative privileges, could use these flaws to execute arbitrary SQL queries. (CVE-2010-2092, CVE-2010-1431) Multiple command injection flaws were discovered in Cacti. An authenticated user with certain administrative privileges could use these flaws to execute arbitrary commands on the Cacti server with the privileges of the web server user. (CVE-2010-1645) Multiple cross-site scripting (XSS) flaws were discovered in Cacti. An unauthenticated, or authenticated user with certain administrative privileges, could perform an XSS attack against victims viewing Cacti web pages. (CVE-2009-4032, CVE-2010-1644, CVE-2010-2544, CVE-2010-2545) Users wanting to run the Red Hat HPC Solution on Red Hat Enterprise Linux 5.5 should install these packages.