-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4363
                        slurm-llnl security update
                             19 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           slurm-llnl
Publisher:         Debian
Operating System:  Debian GNU/Linux 10
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12838  

Reference:         ESB-2019.4356
                   ESB-2019.3265

Original Bulletin: 
   http://www.debian.org/security/2019/dsa-4572

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4572-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 18, 2019                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : slurm-llnl
CVE ID         : CVE-2019-12838

It was discovered that the Simple Linux Utility for Resource Management
(SLURM), a cluster resource management and job scheduling system, did
not escape strings when importing an archive file into the
accounting_storage/mysql backend, resulting in SQL injection.

For the stable distribution (buster), this problem has been fixed in
version 18.08.5.2-1+deb10u1.

We recommend that you upgrade your slurm-llnl packages.

For the detailed security status of slurm-llnl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/slurm-llnl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----