Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 34: 2022-eeeff46680 Critical: Access Control Issues in Slurm

fedora
Calendar Grey May 17, 2022
Dist Fedora Esm H88
Upgrade slurm to version 21.08.8 to address severe security vulnerabilities related to access controls and information leaks in Fedora.
Update to 21.08.8 to fix CVE-2022-29500, CVE-2022-29501, and CVE-2022-29502

Summary

Slurm is an open source, fault-tolerant, and highly scalable

cluster management and job scheduling system for Linux clusters.

Components include machine status, partition management,

job management, scheduling and accounting modules.

Update to 21.08.8 to fix CVE-2022-29500, CVE-2022-29501, and CVE-2022-29502.

* Mon May 9 2022 Philip Kovacs - 21.08.8-2

- Update to 21.08.8-2 (upstream re-release)

* Thu May 5 2022 Carl George - 21.08.8-1

- Update to 21.08.8, resolves: rhbz#2082276

- Fix CVE-2022-29500, resolves: rhbz#2082286

- Fix CVE-2022-29501, resolves: rhbz#2082289

- Fix CVE-2022-29502, resolves: rhbz#2082293

* Sat Apr 2 2022 Philip Kovacs - 21.08.6-1

- Update to 21.08.6

* Sat Jan 22 2022 Fedora Release Engineering - 21.08.5-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

* Fri Jan 14 2022 Philip Kovacs - 21.08.5-1

- Update to 21.08.5

* Sun Nov 21 2021 Orion Poplawski - 21.08.4-2

- Rebuild for hdf5 1.12.1

[ 1 ] Bug #2082276 - slurm-21.08.8 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2082276

[ 2 ] Bug #2082286 - CVE-2022-29500 slurm: SchedMD has Incorrect Access Control that leads to Information Disclosure. [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2082286

[ 3 ] Bug #2082289 - CVE-2022-29501 slurm: usage leads to unprivileged access to send arbritary unix socket as root [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2082289

[ 4 ] Bug #2082293 - CVE-2022-29502 slurm: I/O key validation allows attacker to intercept communication [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2082293

su -c 'dnf upgrade --advisory FEDORA-2022-eeeff46680' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory update critical Fedora access control information disclosure slurm

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 34
Version: 21.08.8
Release: 2.fc34
URL: https://slurm.schedmd.com/
Summary: Simple Linux Utility for Resource Management

Topics%20covered

Topics Covered

security advisory update critical Fedora access control information disclosure slurm

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here