Bugzilla – Bug 1095508
VUL-0: CVE-2018-10995: slurm: Insecure handling of username and gid fields
Last modified: 2022-11-04 15:09:00 UTC
rh#1584939
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).
Upstream Fixes:
https://github.com/SchedMD/slurm/commit/033dc0d1d28b8d2ba1a5187f564a01c15187eb4e
https://github.com/SchedMD/slurm/commit/df545955e4f119974c278bff0c47155257d5afc7
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1584939
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10995
https://www.schedmd.com/news.php?id=203
https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html
Fix submitted for SUSE:SLE-12-SP2:GA:Products:Update: MR ID 166121
SLE-15 and oS:Factory Submission is under way as well.
This is an autogenerated message for OBS integration: This bug (1095508) was mentioned in https://build.opensuse.org/request/show/616050 Factory / slurm
SUSE-SU-2018:1652-1: An update that solves one vulnerability and has one errata is now available.
Category: security (moderate)
Bug References: 1091063,1095508
CVE References: CVE-2018-10995
Sources used:
SUSE Linux Enterprise Module for HPC 12 (src): slurm-17.02.11-6.19.1
This is an autogenerated message for OBS integration: This bug (1095508) was mentioned in https://build.opensuse.org/request/show/622078 15.0 / slurm
SUSE-SU-2018:1925-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1095508
CVE References: CVE-2018-10995
Sources used:
SUSE Linux Enterprise Module for HPC 15 (src): slurm-17.11.7-6.3.1
Please submit for Leap 42.3 which has 16.05.8.1
openSUSE-SU-2018:1955-1: An update that solves one vulnerability and has one errata is now available.
Category: security (moderate)
Bug References: 1095508,1100850
CVE References: CVE-2018-10995
Sources used:
openSUSE Leap 15.0 (src): slurm-17.11.7-lp150.5.7.1
This update has been released, closing.
SUSE-SU-2020:0443-1: An update that solves 8 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1018371,1065697,1085240,1095508,1123304,1140709,1155784,1158709,1158798,1159692
CVE References: CVE-2016-10030,CVE-2017-15566,CVE-2018-10995,CVE-2018-7033,CVE-2019-12838,CVE-2019-19727,CVE-2019-19728,CVE-2019-6438
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): pdsh-2.33-7.6.1
SUSE Linux Enterprise Module for HPC 15-SP1 (src): pdsh-2.33-7.6.1
SUSE Linux Enterprise Module for HPC 15 (src): pdsh-2.33-7.6.1, slurm_18_08-18.08.9-1.5.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:2607-1: An update that solves 9 vulnerabilities, contains four features and has 22 fixes is now available.
Category: security (moderate)
Bug References: 1007053,1018371,1031872,1041706,1065697,1084125,1084917,1085240,1085606,1086859,1088693,1090292,1095508,1100850,1103561,1108671,1109373,1116758,1123304,1140709,1153095,1153259,1155784,1158696,1159692,1161716,1162377,1164326,1164386,1172004,1173805
CVE References: CVE-2016-10030,CVE-2017-15566,CVE-2018-10995,CVE-2018-7033,CVE-2019-12838,CVE-2019-19727,CVE-2019-19728,CVE-2019-6438,CVE-2020-12693
JIRA References: SLE-10800,SLE-7341,SLE-7342,SLE-8491
Sources used:
SUSE Linux Enterprise Module for HPC 12 (src): pdsh_slurm_18_08-2.34-7.26.2, pdsh_slurm_20_02-2.34-7.26.2, slurm_20_02-20.02.3-3.5.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0773-1: An update that fixes 11 vulnerabilities, contains one feature is now available.
Category: security (important)
Bug References: 1018371,1065697,1085240,1095508,1123304,1140709,1155784,1159692,1172004,1178890,1178891
CVE References: CVE-2016-10030,CVE-2017-15566,CVE-2018-10995,CVE-2018-7033,CVE-2019-12838,CVE-2019-19727,CVE-2019-19728,CVE-2019-6438,CVE-2020-12693,CVE-2020-27745,CVE-2020-27746
JIRA References: ECO-2412
Sources used:
SUSE Linux Enterprise Module for HPC 12 (src): pdsh-2.34-7.32.1, pdsh_slurm_18_08-2.34-7.32.1, pdsh_slurm_20_02-2.34-7.32.1, pdsh_slurm_20_11-2.34-7.32.1, slurm_20_11-20.11.4-3.5.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.