[SECURITY] [DSA 4023-1] slurm-llnl security update

2017-11-0722:22:43

lists.debian.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Debian Security Advisory DSA-4023-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
November 07, 2017 https://www.debian.org/security/faq

Package : slurm-llnl
CVE ID : CVE-2017-15566
Debian Bug : 880530

Ryan Day discovered that the Simple Linux Utility for Resource
Management (SLURM), a cluster resource management and job scheduling
system, does not properly handle SPANK environment variables, allowing a
user permitted to submit jobs to execute code as root during the Prolog
or Epilog. All systems using a Prolog or Epilog script are vulnerable,
regardless of whether SPANK plugins are in use.

For the stable distribution (stretch), this problem has been fixed in
version 16.05.9-1+deb9u1.

For the unstable distribution (sid), this problem has been fixed in
version 17.02.9-1.

We recommend that you upgrade your slurm-llnl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9s390xslurm-wlm-basic-plugins-dbg< 16.05.9-1+deb9u1slurm-wlm-basic-plugins-dbg_16.05.9-1+deb9u1_s390x.deb
Debian9armelslurm-client< 16.05.9-1+deb9u1slurm-client_16.05.9-1+deb9u1_armel.deb
Debian9armhfslurm-wlm-emulator-dbgsym< 16.05.9-1+deb9u1slurm-wlm-emulator-dbgsym_16.05.9-1+deb9u1_armhf.deb
Debian9armellibslurmdb-perl< 16.05.9-1+deb9u1libslurmdb-perl_16.05.9-1+deb9u1_armel.deb
Debian9mips64ellibpmi0-dbg< 16.05.9-1+deb9u1libpmi0-dbg_16.05.9-1+deb9u1_mips64el.deb
Debian9armhflibpmi2-0-dbg< 16.05.9-1+deb9u1libpmi2-0-dbg_16.05.9-1+deb9u1_armhf.deb
Debian9mipselsview-dbgsym< 16.05.9-1+deb9u1sview-dbgsym_16.05.9-1+deb9u1_mipsel.deb
Debian9armelslurm-client-emulator-dbgsym< 16.05.9-1+deb9u1slurm-client-emulator-dbgsym_16.05.9-1+deb9u1_armel.deb
Debian9s390xslurmd-dbg< 16.05.9-1+deb9u1slurmd-dbg_16.05.9-1+deb9u1_s390x.deb
Debian9amd64slurm-client-emulator-dbgsym< 16.05.9-1+deb9u1slurm-client-emulator-dbgsym_16.05.9-1+deb9u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	s390x	slurm-wlm-basic-plugins-dbg	< 16.05.9-1+deb9u1	slurm-wlm-basic-plugins-dbg_16.05.9-1+deb9u1_s390x.deb
Debian	9	armel	slurm-client	< 16.05.9-1+deb9u1	slurm-client_16.05.9-1+deb9u1_armel.deb
Debian	9	armhf	slurm-wlm-emulator-dbgsym	< 16.05.9-1+deb9u1	slurm-wlm-emulator-dbgsym_16.05.9-1+deb9u1_armhf.deb
Debian	9	armel	libslurmdb-perl	< 16.05.9-1+deb9u1	libslurmdb-perl_16.05.9-1+deb9u1_armel.deb
Debian	9	mips64el	libpmi0-dbg	< 16.05.9-1+deb9u1	libpmi0-dbg_16.05.9-1+deb9u1_mips64el.deb
Debian	9	armhf	libpmi2-0-dbg	< 16.05.9-1+deb9u1	libpmi2-0-dbg_16.05.9-1+deb9u1_armhf.deb
Debian	9	mipsel	sview-dbgsym	< 16.05.9-1+deb9u1	sview-dbgsym_16.05.9-1+deb9u1_mipsel.deb
Debian	9	armel	slurm-client-emulator-dbgsym	< 16.05.9-1+deb9u1	slurm-client-emulator-dbgsym_16.05.9-1+deb9u1_armel.deb
Debian	9	s390x	slurmd-dbg	< 16.05.9-1+deb9u1	slurmd-dbg_16.05.9-1+deb9u1_s390x.deb
Debian	9	amd64	slurm-client-emulator-dbgsym	< 16.05.9-1+deb9u1	slurm-client-emulator-dbgsym_16.05.9-1+deb9u1_amd64.deb