1584939 – (CVE-2018-10995) CVE-2018-10995 slurm: Insecure handling of username and gid fields

Bug 1584939 (CVE-2018-10995) - CVE-2018-10995 slurm: Insecure handling of username and gid fields

Summary: CVE-2018-10995 slurm: Insecure handling of username and gid fields

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-10995
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1584940
Blocks:
TreeView+	depends on / blocked

Reported:	2018-06-01 01:37 UTC by Sam Fowler
Modified:	2021-02-17 00:12 UTC (History)
CC List:	1 user (show)
Fixed In Version:	slurm 17.02.11, slurm 17.11.7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-10-12 02:25:09 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sam Fowler 2018-06-01 01:37:29 UTC

SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).


External Reference:

https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html


Upstream Commits:

https://github.com/SchedMD/slurm/commit/033dc0d1d28b8d2ba1a5187f564a01c15187eb4e
https://github.com/SchedMD/slurm/commit/df545955e4f119974c278bff0c47155257d5afc7

Comment 1 Sam Fowler 2018-06-01 01:37:50 UTC

Created slurm tracking bugs for this issue:

Affects: fedora-all [bug 1584940]

Comment 2 Philip Kovacs 2018-10-12 02:25:09 UTC

Closing, this was patched for Fedora long ago (by me).

Note You need to log in before you can comment on or make changes to this bug.