Home / mailings [SECURITY] [DSA 4023-1] slurm-llnl security update
Posted on 07 November 2017
Debian Security Advisory-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4023-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 07, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : slurm-llnl
CVE ID : CVE-2017-15566
Debian Bug : 880530
Ryan Day discovered that the Simple Linux Utility for Resource
Management (SLURM), a cluster resource management and job scheduling
system, does not properly handle SPANK environment variables, allowing a
user permitted to submit jobs to execute code as root during the Prolog
or Epilog. All systems using a Prolog or Epilog script are vulnerable,
regardless of whether SPANK plugins are in use.
For the stable distribution (stretch), this problem has been fixed in
version 16.05.9-1+deb9u1.
For the unstable distribution (sid), this problem has been fixed in
version 17.02.9-1.
We recommend that you upgrade your slurm-llnl packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
