Bug 1584939 (CVE-2018-10995)

Summary: CVE-2018-10995 slurm: Insecure handling of username and gid fields
Product: [Other] Security Response
Reporter: Sam Fowler <sfowler>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: pkdevel
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: slurm 17.02.11, slurm 17.11.7
Last Closed: 2018-10-12 02:25:09 UTC
Bug Depends On: 1584940

Description Sam Fowler 2018-06-01 01:37:29 UTC
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).


External Reference:

https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html


Upstream Commits:

https://github.com/SchedMD/slurm/commit/033dc0d1d28b8d2ba1a5187f564a01c15187eb4e
https://github.com/SchedMD/slurm/commit/df545955e4f119974c278bff0c47155257d5afc7

Comment 1 Sam Fowler 2018-06-01 01:37:50 UTC
Created slurm tracking bugs for this issue:

Affects: fedora-all [bug 1584940]

Comment 2 Philip Kovacs 2018-10-12 02:25:09 UTC
Closing, this was patched for Fedora long ago (by me).