Qlustar: Install and enjoy!

[QSA-0606183] slurm vulnerability

Qlustar Security Advisory 0606183

June 6th, 2018


Summary:

The system could allow privilege escalation.


    Package(s)       : slurmctld
    Qlustar releases : 10.0
    Affected versions: All versions prior to this update
    Vulnerability    : privilege escalation
    Problem type     : local
    Qlustar-specific : no
    CVE Id(s)        : CVE-2018-10995
  

It was discovered that Slurm mishandles user names (aka user_name fields) and group ids (aka gid fields). This could lead to a privilege escalation.

Update instructions:

The problem can be corrected by updating your system to the following Qlustar package versions in addition to the package versions mentioned in the upstream reports (follow the Qlustar Update Instructions, but note that the update only needs to be done on the cluster head-node):

    slurmctld    17.02.11-ql.1+xenial
  