Bug 29709

Summary: slurm new security issue CVE-2021-43337
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Chris Denice <eatdirt>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: slurm-21.08.1-1.mga9.src.rpm CVE:
Status comment:

Description David Walser 2021-11-28 21:44:27 CET 
Fedora has issued an advisory on November 27:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DUWNGDQTS7AWFI7FIHUWQOYJSD2IQTCG/

The issue is fixed upstream in 21.08.4.

Mageia 8 is also affected.
David Walser 2021-11-28 21:44:45 CET

Status comment: (none) => Fixed upstream in 21.08.4
Whiteboard: (none) => MGA8TOO

Comment 1 Nicolas Lécureuil 2021-12-01 00:35:37 CET 
from https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html

version 20.11.* ( the one in mga8 ) are unaffected: 

Slurm version 21.08.4 is now available, and includes a series of recent 
bug fixes, as well as a moderate security fix.

Note that this security issue is only present in the 21.08 release 
series. Slurm 20.11 and older releases are unaffected.

Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 21.08.4 => (none)
CC: (none) => mageia

Comment 2 Nicolas Lécureuil 2021-12-01 00:41:30 CET 
Fixed in cauldron.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 3 Chris Denice 2021-12-01 10:48:21 CET 
Thanks!