slurm-llnl - security update


Multiple security issues were discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, which could result in denial of service, information disclosure or privilege escalation.

* [CVE-2019-12838](https://security-tracker.debian.org/tracker/CVE-2019-12838)
  SchedMD Slurm allows SQL Injection.
* [CVE-2020-12693](https://security-tracker.debian.org/tracker/CVE-2020-12693)
  In the rare case where Message Aggregation is enabled, Slurm allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
* [CVE-2020-27745](https://security-tracker.debian.org/tracker/CVE-2020-27745)
  RPC Buffer Overflow in the PMIx MPI plugin.
* [CVE-2021-31215](https://security-tracker.debian.org/tracker/CVE-2021-31215)
  SchedMD Slurm allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.

For Debian 9 stretch, these problems have been fixed in version 16.05.9-1+deb9u5.

We recommend that you upgrade your slurm-llnl packages.

For the detailed security status of slurm-llnl please refer to its security tracker page at: <https://security-tracker.debian.org/tracker/slurm-llnl>

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: <https://wiki.debian.org/LTS>

Affected Software

| CPE Name | Name | Version |
| --- | --- | --- |
| | slurm-llnl | 16.05.9-1+deb9u2 |
| | slurm-llnl | 16.05.9-1+deb9u3 |
| | slurm-llnl | 16.05.9-1 |
| | slurm-llnl | 16.05.9-1+deb9u1 |
| | slurm-llnl | 16.05.9-1+deb9u4 |
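
A triage check for the preconditions the advisory names (Message Aggregation, the PMIx MPI plugin, a PrologSlurmctld or EpilogSlurmctld script), as an added example that is not part of the advisory or of Slurm. The `slurm.conf` parameter names `MsgAggregationParams` and `MpiDefault` and the `WindowMsgs > 1` threshold are assumptions about Slurm's configuration format, and the sample configuration is constructed.

```python
import re

FIXED_VERSION = "16.05.9-1+deb9u5"  # fixed version stated in the advisory

# Constructed sample slurm.conf, for illustration only.
SAMPLE_CONF = """\
# slurm.conf (constructed sample)
ClusterName=demo
SlurmUser=slurm
MpiDefault=pmix
MsgAggregationParams=WindowMsgs=10,WindowTime=100
PrologSlurmctld=/etc/slurm-llnl/prolog_ctld.sh   # runs on the controller
#EpilogSlurmctld=/etc/slurm-llnl/epilog_ctld.sh
"""

def parse_conf(text):
    """Return {lowercased key: value} for key=value lines, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def exposure(text):
    """List the advisory's CVEs whose stated precondition appears in the config.

    CVE-2019-12838 has no configuration precondition in the advisory and is
    not checked here; it is addressed by upgrading to the fixed version.
    """
    conf = parse_conf(text)
    hits = []
    # CVE-2020-12693: only when Message Aggregation is enabled.
    m = re.search(r"windowmsgs=(\d+)", conf.get("msgaggregationparams", ""), re.I)
    if m and int(m.group(1)) > 1:  # assumption: WindowMsgs > 1 turns aggregation on
        hits.append("CVE-2020-12693")
    # CVE-2020-27745: PMIx MPI plugin (a job may also select it at launch time).
    if conf.get("mpidefault", "").lower().startswith("pmix"):
        hits.append("CVE-2020-27745")
    # CVE-2021-31215: a PrologSlurmctld or EpilogSlurmctld script is in use.
    if conf.get("prologslurmctld") or conf.get("epilogslurmctld"):
        hits.append("CVE-2021-31215")
    return hits

if __name__ == "__main__":
    for cve in exposure(SAMPLE_CONF):
        print(f"{cve}: precondition present; upgrade to {FIXED_VERSION}")
```

An empty result only means none of these three preconditions is set in the file examined; the upgrade to the fixed version is still required.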