[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#961406: slurm-llnl: CVE-2020-12693

Source: slurm-llnl
Version: 19.05.5-2
Severity: important
Tags: security upstream


The following vulnerability was published for slurm-llnl.

| Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare
| case where Message Aggregation is enabled, allows Authentication
| Bypass via an Alternate Path or Channel. A race condition allows a
| user to launch a process as an arbitrary user.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-12693
[1] https://www.schedmd.com/news.php?id=236
[2] https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html

Please adjust the affected versions in the BTS as needed.


Reply to: