drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in slurm-llnl
Name: |
Ausführen beliebiger Kommandos in slurm-llnl |
|
ID: |
DSA-4023-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian stretch |
|
Datum: |
Di, 7. November 2017, 23:37 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15566 |
|
Applikationen: |
slurm-llnl |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4023-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 07, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : slurm-llnl CVE ID : CVE-2017-15566 Debian Bug : 880530
Ryan Day discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, does not properly handle SPANK environment variables, allowing a user permitted to submit jobs to execute code as root during the Prolog or Epilog. All systems using a Prolog or Epilog script are vulnerable, regardless of whether SPANK plugins are in use.
For the stable distribution (stretch), this problem has been fixed in version 16.05.9-1+deb9u1.
For the unstable distribution (sid), this problem has been fixed in version 17.02.9-1.
We recommend that you upgrade your slurm-llnl packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAloCMJ5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TtSw/7BpJktGFPvaJWEw+tqyqb/adgprZzHJKAuZHyBrM4njcmASOU8xgGLQzU r6dYbXFl1KVZAvLr9bOJx+rUKP/2M7Th0bb+bS1TO/QXpNNlAtqmDSn/U2meB5zF Qs57FEJJZHTmcvFiPMvn+WuRJTmje4dneNdWKhrNqJ9sq74eeDuw2hmbp2tf8l2r tiTVeOgvlnorqAxVXeJovZZa3fPgioxURMMHeDxM62er5JBrg/TvJ6zskeDx//HI QO92lyBTxuiwI4eAmgoETwEgQmDs/7FRfx4LD7RJDaOTUflHILLjxWg1Kft0m5al baAE6k1bGBRgNq8hTx5HCrTrqg849NG9QgmNbXCWq5tIDChefAWT1XGrbpxZlTrY hbZBHLc2lt+vCyqENEz1p568PejbekQNMwEobJu38ZWFWFN1nm+2qqHJVJKqp3bZ RuH9Qbq4bA9HSkJDwy21+Mwisq4N5Y3BAJODwHM/SUGb36DX9fPfLncWOoAKLb49 YVJ1kV/4Ncp7sckokmTc8H76rdlolUlI0pqImx0o3KByWuItqL5iyVg0EW/iw85U t6Amh9kbzx1XXyWvMBsGC0MJlsvPmacsy1ZYQ1QVlTNPnhidiFhOAN+NSNsvc6Gg 24xL5ENzBDa7rI6Q/awmFLPa0P2cd1d/8fDo0EfADZyfLJIWFOc= =8VJo -----END PGP SIGNATURE-----
|
|
|
|