USN-4781-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-4781-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4781-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4781-1
Related
Published
2022-05-25T10:41:59.571081Z
Modified
2022-05-25T10:41:59.571081Z
Summary
slurm-llnl vulnerabilities
Details

It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10030)

It was discovered that Slurm mishandled SPANK environment variables. An attacker could possibly use this issue to gain elevated privileges. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-15566)

It was discovered that Slurm mishandled certain SQL queries. A local attacker could use this issue to gain elevated privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-7033)

It was discovered that Slurm mishandled user names and group ids. A local attacker could use this issue to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-10995)

It was discovered that Slurm mishandled 23-bit systems. A local attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-6438)

It was discovered that Slurm incorrectly handled certain inputs when Message Aggregation is enabled. An attacker could possibly use this issue to launch a process as an arbitrary user. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12693)

It was discovered that Slurm incorrectly handled certain RPC inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27745)

Jonas Stare discovered that Slurm exposes sensitive information related to the X protocol. An attacker could possibly use this issue to obtain a graphical session from an arbitrary user. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27746)

It was discovered that Slurm incorrectly handled environment parameters. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-31215)

References

Affected packages

Ubuntu:Pro:18.04:LTS / slurm-llnl

Package

Name
slurm-llnl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.11.2-1ubuntu0.1~esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libpmi2-0-dev": "17.11.2-1ubuntu0.1~esm4",
            "libpmi2-0": "17.11.2-1ubuntu0.1~esm4",
            "slurm-wlm-torque": "17.11.2-1ubuntu0.1~esm4",
            "slurm-wlm-basic-plugins-dev": "17.11.2-1ubuntu0.1~esm4",
            "slurm-client-emulator": "17.11.2-1ubuntu0.1~esm4",
            "slurm-wlm-emulator": "17.11.2-1ubuntu0.1~esm4",
            "slurmdbd": "17.11.2-1ubuntu0.1~esm4",
            "slurmctld": "17.11.2-1ubuntu0.1~esm4",
            "libslurm-perl": "17.11.2-1ubuntu0.1~esm4",
            "slurm-wlm-basic-plugins": "17.11.2-1ubuntu0.1~esm4",
            "slurm-client": "17.11.2-1ubuntu0.1~esm4",
            "libslurmdb-perl": "17.11.2-1ubuntu0.1~esm4",
            "libpmi0-dev": "17.11.2-1ubuntu0.1~esm4",
            "libslurm-dev": "17.11.2-1ubuntu0.1~esm4",
            "slurm-wlm": "17.11.2-1ubuntu0.1~esm4",
            "libpam-slurm": "17.11.2-1ubuntu0.1~esm4",
            "slurm-wlm-doc": "17.11.2-1ubuntu0.1~esm4",
            "libslurm32": "17.11.2-1ubuntu0.1~esm4",
            "slurmd": "17.11.2-1ubuntu0.1~esm4",
            "libpmi0": "17.11.2-1ubuntu0.1~esm4",
            "libslurmdb-dev": "17.11.2-1ubuntu0.1~esm4",
            "libslurmdb32": "17.11.2-1ubuntu0.1~esm4",
            "sview": "17.11.2-1ubuntu0.1~esm4"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / slurm-llnl

Package

Name
slurm-llnl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.5-1ubuntu0.1~esm5

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libslurm26": "2.6.5-1ubuntu0.1~esm5",
            "slurm-llnl-basic-plugins-dev": "2.6.5-1ubuntu0.1~esm5",
            "libslurm-perl": "2.6.5-1ubuntu0.1~esm5",
            "libslurmdb-perl": "2.6.5-1ubuntu0.1~esm5",
            "libpmi0-dev": "2.6.5-1ubuntu0.1~esm5",
            "libslurm-dev": "2.6.5-1ubuntu0.1~esm5",
            "libpam-slurm": "2.6.5-1ubuntu0.1~esm5",
            "slurm-llnl-basic-plugins": "2.6.5-1ubuntu0.1~esm5",
            "slurm-llnl": "2.6.5-1ubuntu0.1~esm5",
            "slurm-llnl-torque": "2.6.5-1ubuntu0.1~esm5",
            "slurm-llnl-doc": "2.6.5-1ubuntu0.1~esm5",
            "libslurmdb26": "2.6.5-1ubuntu0.1~esm5",
            "slurm-llnl-sview": "2.6.5-1ubuntu0.1~esm5",
            "libslurmdb-dev": "2.6.5-1ubuntu0.1~esm5",
            "slurm-llnl-slurmdbd": "2.6.5-1ubuntu0.1~esm5",
            "libpmi0": "2.6.5-1ubuntu0.1~esm5"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / slurm-llnl

Package

Name
slurm-llnl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
19.05.5-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libpmi2-0-dev": "19.05.5-1ubuntu0.1~esm1",
            "libpmi2-0": "19.05.5-1ubuntu0.1~esm1",
            "slurm-wlm-torque": "19.05.5-1ubuntu0.1~esm1",
            "slurm-wlm-basic-plugins-dev": "19.05.5-1ubuntu0.1~esm1",
            "slurm-client-emulator": "19.05.5-1ubuntu0.1~esm1",
            "slurm-wlm-emulator": "19.05.5-1ubuntu0.1~esm1",
            "slurmdbd": "19.05.5-1ubuntu0.1~esm1",
            "slurmctld": "19.05.5-1ubuntu0.1~esm1",
            "libslurm-perl": "19.05.5-1ubuntu0.1~esm1",
            "slurm-wlm-basic-plugins": "19.05.5-1ubuntu0.1~esm1",
            "slurm-client": "19.05.5-1ubuntu0.1~esm1",
            "libslurmdb-perl": "19.05.5-1ubuntu0.1~esm1",
            "libpmi0-dev": "19.05.5-1ubuntu0.1~esm1",
            "libslurm-dev": "19.05.5-1ubuntu0.1~esm1",
            "slurm-wlm": "19.05.5-1ubuntu0.1~esm1",
            "libpam-slurm": "19.05.5-1ubuntu0.1~esm1",
            "slurm-wlm-doc": "19.05.5-1ubuntu0.1~esm1",
            "slurmd": "19.05.5-1ubuntu0.1~esm1",
            "libpmi0": "19.05.5-1ubuntu0.1~esm1",
            "libpam-slurm-adopt": "19.05.5-1ubuntu0.1~esm1",
            "libslurm34": "19.05.5-1ubuntu0.1~esm1",
            "sview": "19.05.5-1ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / slurm-llnl

Package

Name
slurm-llnl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.08.7-1ubuntu0.1~esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "slurm-wlm-torque": "15.08.7-1ubuntu0.1~esm4",
            "slurm-wlm-basic-plugins-dev": "15.08.7-1ubuntu0.1~esm4",
            "libslurm29": "15.08.7-1ubuntu0.1~esm4",
            "slurm-client-emulator": "15.08.7-1ubuntu0.1~esm4",
            "slurmdbd": "15.08.7-1ubuntu0.1~esm4",
            "slurmctld": "15.08.7-1ubuntu0.1~esm4",
            "libslurm-perl": "15.08.7-1ubuntu0.1~esm4",
            "slurm-wlm-emulator": "15.08.7-1ubuntu0.1~esm4",
            "slurm-client": "15.08.7-1ubuntu0.1~esm4",
            "slurm-wlm-basic-plugins": "15.08.7-1ubuntu0.1~esm4",
            "libslurmdb-perl": "15.08.7-1ubuntu0.1~esm4",
            "libpmi0-dev": "15.08.7-1ubuntu0.1~esm4",
            "libslurm-dev": "15.08.7-1ubuntu0.1~esm4",
            "libpam-slurm": "15.08.7-1ubuntu0.1~esm4",
            "slurm-wlm": "15.08.7-1ubuntu0.1~esm4",
            "slurm-llnl": "15.08.7-1ubuntu0.1~esm4",
            "slurm-wlm-doc": "15.08.7-1ubuntu0.1~esm4",
            "slurmd": "15.08.7-1ubuntu0.1~esm4",
            "libpmi0": "15.08.7-1ubuntu0.1~esm4",
            "libslurmdb-dev": "15.08.7-1ubuntu0.1~esm4",
            "libslurmdb29": "15.08.7-1ubuntu0.1~esm4",
            "slurm-llnl-slurmdbd": "15.08.7-1ubuntu0.1~esm4",
            "sview": "15.08.7-1ubuntu0.1~esm4"
        }
    ]
}