Bug#961406: slurm-llnl: CVE-2020-12693

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#961406: slurm-llnl: CVE-2020-12693
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 24 May 2020 11:26:51 +0200
Message-id: <[🔎] 159031241154.3344311.15918524381413273492.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 961406@bugs.debian.org

Source: slurm-llnl
Version: 19.05.5-2
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for slurm-llnl.

CVE-2020-12693[0]:
| Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare
| case where Message Aggregation is enabled, allows Authentication
| Bypass via an Alternate Path or Channel. A race condition allows a
| user to launch a process as an arbitrary user.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-12693
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12693
[1] https://www.schedmd.com/news.php?id=236
[2] https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Next by Date: Processing of ibsim_0.9-1_source.changes
Next by thread: Processing of ibsim_0.9-1_source.changes
Index(es):
- Date
- Thread