===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2019.4363
slurm-llnl security update
19 November 2019

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           slurm-llnl
Publisher:         Debian
Operating System:  Debian GNU/Linux 10
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12838

Reference:         ESB-2019.4356
                   ESB-2019.3265

Original Bulletin:
   http://www.debian.org/security/2019/dsa-4572

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4572-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 18, 2019                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : slurm-llnl
CVE ID         : CVE-2019-12838

It was discovered that the Simple Linux Utility for Resource Management
(SLURM), a cluster resource management and job scheduling system, did
not escape strings when importing an archive file into the
accounting_storage/mysql backend, resulting in SQL injection.

For the stable distribution (buster), this problem has been fixed in
version 18.08.5.2-1+deb10u1.

We recommend that you upgrade your slurm-llnl packages.

For the detailed security status of slurm-llnl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/slurm-llnl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================