The Open MPI Team, representing a consortium of research, academic, and industry partners is releasing Open MPI version 1.4 in reaction to the GNU Libtool 2.2.6b security update release (see http://security-tracker.debian.org/tracker/CVE-2009-3736 for more details).
This release closes a potential security vulnerability associated with the embedded version of GNU Libtool used in the Open MPI v1.3 series. This release also represents the transition from the v1.3 series of functional enhancement releases to the stable v1.4 series of bug fix releases. We recommend that all users currently on the v1.3 series upgrade to this v1.4 release. As this represents the transition to the v1.4 stable branch, we also encourage all v1.2.x users to upgrade to v1.4.
*** More details about this release were sent to the Open MPI user's list:
Version 1.4 can be downloaded from the main Open MPI web site or any of its mirrors (mirrors will be updating shortly).
As indicated above, there is only one change from the 1.4 release:
- Use GNU Libtool 2.2.6b to build Open MPI, which updates the
embedded "libltdl" library to fix a potential security
vulnerability. There are no other changes compared to Open MPI
Note that the GNU Libtool libltdl problem extends back quite a few versions; it includes the version that was used to build Open MPI v1.2.9. There are no plans to release a patched v1.2.10 at this time; we are recommending that v1.2.x users upgrade to v1.4. If you have a need for v1.2.10, please send mail to the Open MPI users' mailing list.