| Description: | Summary:
The remote host is missing an update for the Debian 'slurm-llnl' package(s) announced via the DLA-2886-1 advisory.
Vulnerability Insight:
Multiple security issues were discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, which could result in denial of service, information disclosure or privilege escalation.
CVE-2019-12838
SchedMD Slurm allows SQL Injection.
CVE-2020-12693
In the rare case where Message Aggregation is enabled, Slurm allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
CVE-2020-27745
RPC Buffer Overflow in the PMIx MPI plugin.
CVE-2021-31215
SchedMD Slurm allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
For Debian 9 stretch, these problems have been fixed in version 16.05.9-1+deb9u5.
We recommend that you upgrade your slurm-llnl packages.
For the detailed security status of slurm-llnl please refer to its security tracker page at: [link moved to references]
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]
Affected Software/OS:
'slurm-llnl' package(s) on Debian 9.
Solution:
Please install the updated package(s).
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
