Gentoo alert 202409-16 (Slurm)
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202409-16 ] Slurm: Multiple Vulnerabilities | |
| Date: | Sun, 22 Sep 2024 07:40:10 -0000 | |
| Message-ID: | <172699081091.7.2397509789565737750@3f85d36892cf> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202409-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Slurm: Multiple Vulnerabilities Date: September 22, 2024 Bugs: #631552, #920104 ID: 202409-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Slurm, the worst of which could result in privilege escalation or code execution. Background ========== Slurm is a highly scalable resource manager. Affected packages ================= Package Vulnerable Unaffected ----------------- ------------ ------------ sys-cluster/slurm <= 22.05.3 Vulnerable! Description =========== Multiple vulnerabilities have been discovered in Slurm. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== Gentoo has discontinued support for Slurm. We recommend that users unmerge it: # emerge --ask --depclean "sys-cluster/slurm" References ========== [ 1 ] CVE-2020-36770 https://nvd.nist.gov/vuln/detail/CVE-2020-36770 [ 2 ] CVE-2023-49933 https://nvd.nist.gov/vuln/detail/CVE-2023-49933 [ 3 ] CVE-2023-49934 https://nvd.nist.gov/vuln/detail/CVE-2023-49934 [ 4 ] CVE-2023-49935 https://nvd.nist.gov/vuln/detail/CVE-2023-49935 [ 5 ] CVE-2023-49936 https://nvd.nist.gov/vuln/detail/CVE-2023-49936 [ 6 ] CVE-2023-49937 https://nvd.nist.gov/vuln/detail/CVE-2023-49937 [ 7 ] CVE-2023-49938 https://nvd.nist.gov/vuln/detail/CVE-2023-49938 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202409-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmbvydoACgkQFMQkOaVy +9mmGA/+KsDXmDrYIYKgS9qYYYfcLTx76SJ26dlz4k6JnxGxD6NkWVAyfJ4h2/R1 xAETvWEwzwn4Roh3bw63TFXAxFgMMKqcHHBr2Ht41SZ7MXsKIZN+YO/OmW5v/Xd4 5uAWzY9h9gnGBp+cOVGJ9xugmK+3zHkq++F61/J6+PK0bDimnhpE17vVrR1DzQzY lDDlCkKJ+Gbdr/ELVwdT6GxPAPhulc/ZGq6QqC1MD1JnRVMXGLFzxWkrciaf/FuT D7bc6rG5qDKbR3v47KdqN7cNKIW5Jv2KeGNn6LdxIVjP96DT+31JWPP13GIaAAnN +58/S/6Adnka/boXlib/IxnvOdCWz5PAlkK4YKhcM8bK8YcqgkEiO5xea/WSr5kX nUaR3LXzJsfyQA5X2RNbc1SH5oMROiPYiBuMB22oH3/cT+Eq9+ocl3mM0YI5782P exFWMp83gi5B1VtesQDAbhrHqpWYiAWY02furqRyCUhjszfHyX0cjzm8iYzt4HG+ FyaztplzmnVCc8QkQcD4WTI7vi+9n5laMxS0kkYD3QuK0EpDQNRb/cNlfg1jRZjf spMJ4Q/oxd2mep0Uj3jnyUicroZ4nyZqPNMeZLNUVOX463KmWcRh7aGTRK2tutN2 L8MqKxRwOMnbjGuvsuH2tLH4ywdlxcQRR0n0tORo0b6vFYxwssA= =a+m5 -----END PGP SIGNATURE-----