The Open MPI Team, representing a consortium of research, academic, and
industry partners is releasing Open MPI version 1.4 in reaction to the GNU
Libtool 2.2.6b security update release (see
http://security-tracker.debian.org/tracker/CVE-2009-3736 for more details).
This release closes a potential security vulnerability associated with the
embedded version of GNU Libtool used in the Open MPI v1.3 series. This release
also represents the transition from the v1.3 series of functional enhancement
releases to the stable v1.4 series of bug fix releases. We recommend that all
users currently on the v1.3 series upgrade to this v1.4 release. As this
represents the transition to the v1.4 stable branch, we also encourage all
v1.2.x users to upgrade to v1.4.
*** More details about this release were sent to the Open MPI user's list:
http://www.open-mpi.org/community/lists/users/2009/12/11460.php
Version 1.4 can be downloaded from the main Open MPI web site or any of its
mirrors (mirrors will be updating shortly).
As indicated above, there is only one change from the 1.4 release:
- Use GNU Libtool 2.2.6b to build Open MPI, which updates the
embedded "libltdl" library to fix a potential security
vulnerability. There are no other changes compared to Open MPI
v1.3.4.
Note that the GNU Libtool libltdl problem extends back quite a few versions; it
includes the version that was used to build Open MPI v1.2.9. There are no
plans to release a patched v1.2.10 at this time; we are recommending that
v1.2.x users upgrade to v1.4. If you have a need for v1.2.10, please send mail
to the Open MPI users' mailing list.
--
Jeff Squyres
jsquy...@cisco.com
