Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4023-1] slurm-llnl security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4023-1] slurm-llnl security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4023-1] slurm-llnl security update
  • Date: Tue, 07 Nov 2017 22:22:43 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1eCCGZ-0006VU-4l AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 7 Nov 2017 22:23:06 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <WnlEucwu42E.A.HSG.KJjAaB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4023-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 07, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : slurm-llnl
CVE ID : CVE-2017-15566
Debian Bug : 880530

Ryan Day discovered that the Simple Linux Utility for Resource
Management (SLURM), a cluster resource management and job scheduling
system, does not properly handle SPANK environment variables, allowing a
user permitted to submit jobs to execute code as root during the Prolog
or Epilog. All systems using a Prolog or Epilog script are vulnerable,
regardless of whether SPANK plugins are in use.

For the stable distribution (stretch), this problem has been fixed in
version 16.05.9-1+deb9u1.

For the unstable distribution (sid), this problem has been fixed in
version 17.02.9-1.

We recommend that you upgrade your slurm-llnl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAloCMJ5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TtSw/7BpJktGFPvaJWEw+tqyqb/adgprZzHJKAuZHyBrM4njcmASOU8xgGLQzU
r6dYbXFl1KVZAvLr9bOJx+rUKP/2M7Th0bb+bS1TO/QXpNNlAtqmDSn/U2meB5zF
Qs57FEJJZHTmcvFiPMvn+WuRJTmje4dneNdWKhrNqJ9sq74eeDuw2hmbp2tf8l2r
tiTVeOgvlnorqAxVXeJovZZa3fPgioxURMMHeDxM62er5JBrg/TvJ6zskeDx//HI
QO92lyBTxuiwI4eAmgoETwEgQmDs/7FRfx4LD7RJDaOTUflHILLjxWg1Kft0m5al
baAE6k1bGBRgNq8hTx5HCrTrqg849NG9QgmNbXCWq5tIDChefAWT1XGrbpxZlTrY
hbZBHLc2lt+vCyqENEz1p568PejbekQNMwEobJu38ZWFWFN1nm+2qqHJVJKqp3bZ
RuH9Qbq4bA9HSkJDwy21+Mwisq4N5Y3BAJODwHM/SUGb36DX9fPfLncWOoAKLb49
YVJ1kV/4Ncp7sckokmTc8H76rdlolUlI0pqImx0o3KByWuItqL5iyVg0EW/iw85U
t6Amh9kbzx1XXyWvMBsGC0MJlsvPmacsy1ZYQ1QVlTNPnhidiFhOAN+NSNsvc6Gg
24xL5ENzBDa7rI6Q/awmFLPa0P2cd1d/8fDo0EfADZyfLJIWFOc=
=8VJo
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4023-1] slurm-llnl security update, Salvatore Bonaccorso, 07.11.2017

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang