Описание
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| slurm-wlm | fixed | 20.11.7+really20.11.4-2 | package | |
| slurm-llnl | removed | package | ||
| slurm-llnl | no-dsa | buster | package |
Примечания
https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7)
Initially already fixed in 20.11.7-1 (the tracker would do the right thing)
but the unstable upload invalidated the changelog 20.11.7-1 so use 20.11.7+really20.11.4-2
for consistency with BTS.
EPSS
Связанные уязвимости
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
EPSS