Grid Engine 5.3p5 fixes multiple openSSL vulnerabilites

Regensburg, Germany -- November 21, 2003


Grid Engine (SGE) 5.3p5 is a patch release which fixes multiple vulnerabilites of the OpenSSL library 0.9.7a.  Only users who run Grid Engine with OpenSSL support enabled ("CSP mode") should install this patch. Other users should check  the complete list of bug fixes in this release (see below) to find out whether they need to install this release. Grid Engine 5.3p5 is linked with OpenSSL 0.9.7c.

For more information about the the openSSL vulnerabilites see the CERT® Advisory CA-2003-26

http://www.cert.org/advisories/CA-2003-26.html
and the OpenSSL Security Advisory
http://www.openssl.org/news/secadv_20030930.txt
SGE 5.3p5 is fully compatible with previous SGE 5.3 releases. This release is available as a courtesy binary distribution from Sun Microsystems at the project download page. This patch release changes the binaries and the architecture independent files ("common" package). The unchanged PDF documentation set for SGE and SGEEE is provided by Sun Microsystems as a courtesy contribution for users of the Grid Engine open source software.

Users who do a new installation of SGE need to follow the directions at the project download page. Users who install this version as a patch for any previous SGE 5.3 release can find directions how to install the patch at

install53patch
A list of bugfixes for this release can be found at
53patches
Users who want to access the corresponding source code need to checkout the CVS tag
V53p5_TAG
in the branch of the CVS repository
V53_beta2_BRANCH
A snapshot of the Grid Engine 5.3p4 sources is available as a source tarball at the  File Exchange Tool as file sge-V53p5_TAG-src.tar.gz.