Описание
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| slurm-wlm | not-affected | package | ||
| slurm-llnl | removed | package | ||
| slurm-llnl | not-affected | jessie | package |
Примечания
https://www.schedmd.com/news.php?id=236
https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html
Issue affects systems with Message Aggregation enabled
slurm-wlm/20.02.6-1 changed the source package name and included the fix
EPSS
Связанные уязвимости
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
EPSS