29709 – slurm new security issue CVE-2021-43337

Bug 29709 - slurm new security issue CVE-2021-43337

Summary: slurm new security issue CVE-2021-43337

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Chris Denice
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-11-28 21:44 CET by David Walser
Modified:	2021-12-01 10:48 CET (History)
CC List:	1 user (show)

See Also:
Source RPM:	slurm-21.08.1-1.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-11-28 21:44:27 CET

Fedora has issued an advisory on November 27:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DUWNGDQTS7AWFI7FIHUWQOYJSD2IQTCG/

The issue is fixed upstream in 21.08.4.

Mageia 8 is also affected.

David Walser 2021-11-28 21:44:45 CET

Status comment: (none) => Fixed upstream in 21.08.4
Whiteboard: (none) => MGA8TOO

Comment 1 Nicolas Lécureuil 2021-12-01 00:35:37 CET

from https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html

version 20.11.* ( the one in mga8 ) are unaffected: 

Slurm version 21.08.4 is now available, and includes a series of recent 
bug fixes, as well as a moderate security fix.

Note that this security issue is only present in the 21.08 release 
series. Slurm 20.11 and older releases are unaffected.

Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 21.08.4 => (none)
CC: (none) => mageia

Comment 2 Nicolas Lécureuil 2021-12-01 00:41:30 CET

Fixed in cauldron.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 3 Chris Denice 2021-12-01 10:48:21 CET

Thanks!

Note You need to log in before you can comment on or make changes to this bug.