Several security issues were fixed in Slurm.
Software Description:
- slurm-llnl: Simple Linux Utility for Resource Management
Details:
USN-4781-1 fixed several vulnerabilities in Slurm. This update provides
the corresponding updates for Ubuntu 14.04 ESM (CVE-2016-10030) and
Ubuntu 16.04 ESM (CVE-2018-10995).
Original advisory details:
It was discovered that Slurm incorrectly handled certain messages
between the daemon and the user. An attacker could possibly use this
issue to assume control of an arbitrary file on the system. This
issue only affected Ubuntu 16.04 ESM. (CVE-2016-10030)
It was discovered that Slurm mishandled SPANK environment variables.
An attacker could possibly use this issue to gain elevated privileges.
This issue only affected Ubuntu 16.04 ESM. (CVE-2017-15566)
It was discovered that Slurm mishandled certain SQL queries. A local
attacker could use this issue to gain elevated privileges. This
issue...
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libpam-slurm 15.08.7-1ubuntu0.1~esm5
  libpmi0 15.08.7-1ubuntu0.1~esm5
  libslurm-perl 15.08.7-1ubuntu0.1~esm5
  libslurm29 15.08.7-1ubuntu0.1~esm5
  libslurmdb-perl 15.08.7-1ubuntu0.1~esm5
  libslurmdb29 15.08.7-1ubuntu0.1~esm5
  slurm-client 15.08.7-1ubuntu0.1~esm5
  slurm-client-emulator 15.08.7-1ubuntu0.1~esm5
  slurm-llnl 15.08.7-1ubuntu0.1~esm5
  slurm-llnl-slurmdbd 15.08.7-1ubuntu0.1~esm5
  slurm-wlm 15.08.7-1ubuntu0.1~esm5
  slurm-wlm-basic-plugins 15.08.7-1ubuntu0.1~esm5
  slurm-wlm-emulator 15.08.7-1ubuntu0.1~esm5
  slurm-wlm-torque 15.08.7-1ubuntu0.1~esm5
  slurmctld 15.08.7-1ubuntu0.1~esm5
  slurmd 15.08.7-1ubuntu0.1~esm5
  slurmdbd 15.08.7-1ubuntu0.1~esm5
  sview 15.08.7-1ubuntu0.1~esm5

Ubuntu 14.04 ESM:
  libpam-slurm 2.6.5-1ubuntu0.1~esm6
  libpmi0 2.6.5-1ubuntu0.1~esm6
  libslurm-perl 2.6.5-1ubuntu0.1~esm6
  libslurm26 2.6.5-1ubuntu0.1~esm6
  libslurmdb-perl 2.6.5-1ubuntu0.1~esm6
  libslurmdb26 2.6.5-1ubuntu0.1~esm6
  slurm-llnl 2.6.5-1ubuntu0.1~esm6
  slurm-llnl-basic-plugins 2.6.5-1ubuntu0.1~esm6
  slurm-llnl-slurmdbd 2.6.5-1ubuntu0.1~esm6
  slurm-llnl-sview 2.6.5-1ubuntu0.1~esm6
  slurm-llnl-torque 2.6.5-1ubuntu0.1~esm6

In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4781-1
CVE-2016-10030, CVE-2018-10995