[QSA-0917193] slurmdbd vulnerability

Qlustar Security Advisory 0917193

Sept 17th, 2019


slurmdbd is vulnerable to SQL injection..

    Package(s)       : slurmdbd
    Qlustar releases : 11.0
    Affected versions: All versions prior to this update
    Vulnerability    : data integrity
    Problem type     : network
    Qlustar-specific : no
    CVE Id(s)        : CVE-2019-12838

Relevant to Qlustar 11.0

slurmdbd vulnerability

This update fixes a SQL injection in slurmdbd.

Update instructions:

The problem can be corrected by updating your system to the following Qlustar package versions (follow the Qlustar Update Instructions):

    slurmdbd                                    18.08.8-ql.1+11-bionic           

Note that the new package needs to be installed only on the head-node(s). After installing the new package, restart slurmdbd as follows:

$ service slurmdbd restart