Your message dated Sun, 05 Nov 2017 10:20:27 +0000
with message-id <e1ebi2v-000eco...@fasolo.debian.org>
and subject line Bug#880530: fixed in slurm-llnl 17.02.9-1
has caused the Debian Bug report #880530,
regarding slurm-llnl: CVE-2017-15566
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
880530: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880530
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: slurm-llnl
Version: 17.02.7-1
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.schedmd.com/show_bug.cgi?id=4228
Control: found -1 16.05.9-1
Hi,
the following vulnerability was published for slurm-llnl.
CVE-2017-15566[0]:
| Insecure SPANK environment variable handling exists in SchedMD Slurm
| before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2,
| allowing privilege escalation to root during Prolog or Epilog
| execution.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-15566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15566
[1] https://bugs.schedmd.com/show_bug.cgi?id=4228
[2]
https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: slurm-llnl
Source-Version: 17.02.9-1
We believe that the bug you reported is fixed in the latest version of
slurm-llnl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 880...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gennaro Oliva <oliv...@na.icar.cnr.it> (supplier of updated slurm-llnl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 05 Nov 2017 01:02:24 +0100
Source: slurm-llnl
Binary: slurm-wlm slurm-client slurmd slurmctld libslurmdb31 libslurm31 libpmi0
libpmi2-0 libslurm-dev libslurmdb-dev libpmi0-dev libpmi2-0-dev slurm-wlm-doc
slurm-wlm-basic-plugins slurm-wlm-basic-plugins-dev sview slurmdbd
libslurm-perl libslurmdb-perl slurm-wlm-torque libpam-slurm slurm-llnl
slurm-llnl-slurmdbd slurm-wlm-emulator slurm-client-emulator
Architecture: source amd64 all
Version: 17.02.9-1
Distribution: unstable
Urgency: medium
Maintainer: Gennaro Oliva <oliv...@na.icar.cnr.it>
Changed-By: Gennaro Oliva <oliv...@na.icar.cnr.it>
Description:
libpam-slurm - PAM module to authenticate using the SLURM resource manager
libpmi0 - SLURM PMI library implementation
libpmi0-dev - SLURM PMI library implementation development files
libpmi2-0 - SLURM PMI2 library implementation
libpmi2-0-dev - SLURM PMI2 library implementation development files
libslurm-dev - SLURM development files
libslurm-perl - Perl API for SLURM
libslurm31 - Runtime library files for SLURM
libslurmdb-dev - SLURM DataBase Daemon development files
libslurmdb-perl - Perl API for the SLURM database
libslurmdb31 - Runtime library files for the SLURM DataBase Daemon
slurm-client - SLURM client side commands
slurm-client-emulator - SLURM client side commands for the emulator
slurm-llnl - transitional dummy package for slurm-wlm
slurm-llnl-slurmdbd - transitional dummy package for slurmdbd
slurm-wlm - Simple Linux Utility for Resource Management
slurm-wlm-basic-plugins - SLURM basic plugins
slurm-wlm-basic-plugins-dev - SLURM basic plugins development files
slurm-wlm-doc - SLURM documentation
slurm-wlm-emulator - SLURM emulator
slurm-wlm-torque - Torque compatibility wrappers for SLURM
slurmctld - SLURM central management daemon
slurmd - SLURM compute node daemon
slurmdbd - Secure enterprise-wide interface to a database for SLURM
sview - GUI to view and modify SLURM state
Closes: 880530
Changes:
slurm-llnl (17.02.9-1) unstable; urgency=medium
.
* New upstream release fixes CVE-2017-15566 (Closes: #880530)
* Add new symbols to libslurm31 and libslurmdb31
* Modify header patch to remove google script in the footer
* Rename header patch
Checksums-Sha1:
23edb7fbcbedc563c1f12ebcaf8d51876a8a054e 3773 slurm-llnl_17.02.9-1.dsc
e94083901ea381d1c11d43c0e0ad0b9f0beacac7 8352709 slurm-llnl_17.02.9.orig.tar.gz
004e20341cfd96cb79cf8a1b4f90ba0824a44ab2 124588
slurm-llnl_17.02.9-1.debian.tar.xz
5832dc4bce932081ac33279210a45031df963a01 27924 libpam-slurm_17.02.9-1_amd64.deb
1e84cebc78ac986d1ffe412858ae9397ac4e4670 20904
libpmi0-dbgsym_17.02.9-1_amd64.deb
6e439b612e9551fafcf83c18efe2b859375ce3fa 35404 libpmi0-dev_17.02.9-1_amd64.deb
ab36ba45e7bc831d999ae37f79ab8b0c4ca8c53b 31552 libpmi0_17.02.9-1_amd64.deb
297e233d57b92b1515638845d8c320268dda9ec4 33472
libpmi2-0-dbgsym_17.02.9-1_amd64.deb
18a20e4b531cf9f15156ba0fb5a1e72c67648908 41440
libpmi2-0-dev_17.02.9-1_amd64.deb
5e9825266778a8f6b72fafd29c12a37eeae501c6 34212 libpmi2-0_17.02.9-1_amd64.deb
e61ad47c17ac706cf5b2b033608961c3c2aeaf35 738444
libslurm-dev_17.02.9-1_amd64.deb
c08873bab735cbd6af443d582d277f9b38f4bcfd 171352
libslurm-perl_17.02.9-1_amd64.deb
716a4de49932635364b455b46393599ed5b8810a 1824508
libslurm31-dbgsym_17.02.9-1_amd64.deb
dc15ed4ad01a4eecc8f733f085cf6ef80c561340 576668 libslurm31_17.02.9-1_amd64.deb
de1648c34f7b14cbae6eb6ea02f06450ff0846be 662552
libslurmdb-dev_17.02.9-1_amd64.deb
da27aedbe86d354044222b1da11e949339b3c8a3 48444
libslurmdb-perl_17.02.9-1_amd64.deb
1d0379f7f4d29cb37252c7e3be687a6ab0ae551e 1871996
libslurmdb31-dbgsym_17.02.9-1_amd64.deb
674a3a126e98d71212d50a9d54a2de29fb996d0f 581952
libslurmdb31_17.02.9-1_amd64.deb
32899c55e4ddd26445346a04ec9ca7cbcbcecbdc 35050464
slurm-client-dbgsym_17.02.9-1_amd64.deb
10b4f284d96a02a5f8eeeae9ff30670d2ddb546c 3550540
slurm-client-emulator_17.02.9-1_amd64.deb
9cb1f304de8802f49791336f0885bff9cae44e59 4158824
slurm-client_17.02.9-1_amd64.deb
e25ec5efd30ce4d02156714b39d1bb78ec2a3b1b 22616
slurm-llnl-slurmdbd_17.02.9-1_all.deb
56d0c0787425c6a2aae0d169f1b3c2ae07c21653 22688 slurm-llnl_17.02.9-1_all.deb
99bce821c59b3c176018ba6a9ef033dbf63c6707 20672
slurm-llnl_17.02.9-1_amd64.buildinfo
0fcaeb3621b618d7bb6a5a3c08173df8de99485e 3267464
slurm-wlm-basic-plugins-dbgsym_17.02.9-1_amd64.deb
f19e0fec3d26d7c7b6888c8eb177e11921ec9201 636200
slurm-wlm-basic-plugins-dev_17.02.9-1_amd64.deb
482b49b0a5c00ee686128890d6ef9ff92311bfd2 631000
slurm-wlm-basic-plugins_17.02.9-1_amd64.deb
869bf305b319ce25e9a0bbdf9a0340c952a21e69 1090176
slurm-wlm-doc_17.02.9-1_all.deb
dd9bad555315411d8e6cdeae394d62436ce69325 1308404
slurm-wlm-emulator_17.02.9-1_amd64.deb
3a44bd18b17c03b3f614946aab13f0e514d749d2 62320
slurm-wlm-torque_17.02.9-1_all.deb
bc9c872ca372a1b8c362bf720b001d3a34c5f2b5 21944 slurm-wlm_17.02.9-1_amd64.deb
8c4bacb06b9a2c5e7eb9de9b69a1c0452f574e85 2780944
slurmctld-dbgsym_17.02.9-1_amd64.deb
b85f30c130897ae45203e8e01e86aaac4a918dd5 1090196 slurmctld_17.02.9-1_amd64.deb
fec60cb2d49d360a40abee7ca40a0e1fb08920af 4155328
slurmd-dbgsym_17.02.9-1_amd64.deb
19c54e89617212c7bda932bf645222f779b49086 1016700 slurmd_17.02.9-1_amd64.deb
728f1015188dbd443e3f3dab9683faf300f33d25 1913716
slurmdbd-dbgsym_17.02.9-1_amd64.deb
73e7b7cff91e5144161518b68e4f5e64e90ebcc1 627248 slurmdbd_17.02.9-1_amd64.deb
f37e9c734729924cc7f3528603e9c39a497a2e71 705312 sview_17.02.9-1_amd64.deb
Checksums-Sha256:
1c7ee4b3f3b3a165e55e5c097c7ea55a0bdf0fc08aadfd56942966cbed185737 3773
slurm-llnl_17.02.9-1.dsc
f417b7622153319558afa8a9843bdbba479ff8b77bf3123727b6aa78a96cfee8 8352709
slurm-llnl_17.02.9.orig.tar.gz
5ee87d388304fb08c57bfa5fa0ef716c24d17c6fcf82a53044a38f0d0e58f31d 124588
slurm-llnl_17.02.9-1.debian.tar.xz
e90a6674dffdd809fa1e61204c9d532b79aacffaa40c65f89d3b01f7ff3bbab9 27924
libpam-slurm_17.02.9-1_amd64.deb
d7d3404ca8f15e918aa781b2463ff0ddaccd96bcd8d3ce961a2c9b9dc4ca6d62 20904
libpmi0-dbgsym_17.02.9-1_amd64.deb
5fe8b46b4d2d1e3bcca06f54c5703c1a1480b7451b8340977f5c382f72fb08e2 35404
libpmi0-dev_17.02.9-1_amd64.deb
dbee640f11971c31bd2556f23f4da558a29c0925eeb81c36276ca9809212235e 31552
libpmi0_17.02.9-1_amd64.deb
bf77973ac9760bb2def4cc97b1250254a516396e89b4cb69b8ed9211fddcac1d 33472
libpmi2-0-dbgsym_17.02.9-1_amd64.deb
8ccb18f5c1246ad872706b356d1b39d1d739986ba0434b532545e67e43346860 41440
libpmi2-0-dev_17.02.9-1_amd64.deb
fff19c61e0a1d2972bce1d96d28ebffefb4069918780fce82ba28e64ebc05bfa 34212
libpmi2-0_17.02.9-1_amd64.deb
5fa9f7a3636cc74cbeaae25f9b29ff04711afa06afba295afc628ef3fdf63b6e 738444
libslurm-dev_17.02.9-1_amd64.deb
c207d6bd9045815edb95963fb8de78cb17e4447cdd71d2add84a8ee444133be3 171352
libslurm-perl_17.02.9-1_amd64.deb
25e21bff1b5af3fad31e7e2e869aede53518de2fc604a271e368ed832ce3a18d 1824508
libslurm31-dbgsym_17.02.9-1_amd64.deb
eb2be98b6cbf4945b3bfe1dfc8bcb16bffb9a7eb0ac48b3bcd0634409b048f64 576668
libslurm31_17.02.9-1_amd64.deb
7785859bf91ad433cabee04590ea2d50706dca58ff43dbb2b349b759297514c5 662552
libslurmdb-dev_17.02.9-1_amd64.deb
3a33617c505312c1c2a58c390315b2f56b3da9f8d68697f523436c759addfb40 48444
libslurmdb-perl_17.02.9-1_amd64.deb
34bda197fa2cfd95282af3e5f91d3929685342aa24ac6a2e762b000bcf7424af 1871996
libslurmdb31-dbgsym_17.02.9-1_amd64.deb
6ce97189be440e1f0a59f5497df28351c83c25c050b9375caafbd66d2fc5e534 581952
libslurmdb31_17.02.9-1_amd64.deb
62ce5d8228cfca43c16929982fa305f85604a4a75dce79d5155003e50504be64 35050464
slurm-client-dbgsym_17.02.9-1_amd64.deb
c14bd3bb72971e515ce0f6efed1cc527b69933a6e0fbb361b6681e4f13ae5eb6 3550540
slurm-client-emulator_17.02.9-1_amd64.deb
d75efc32e9f5ce9fae8d7a60d603b4dd492649b1cc6d217f80d31e4e77f19c71 4158824
slurm-client_17.02.9-1_amd64.deb
bc921b2bae99d034385e7e3a633c90f017dab2138d827c20ca9e00e4158bea7e 22616
slurm-llnl-slurmdbd_17.02.9-1_all.deb
5aa638a03c223f5526b72b7e864919d4e936c63900ffb29164f7da56bb385335 22688
slurm-llnl_17.02.9-1_all.deb
77e8acbeef34850117850e31059060074361d14db798314bd7cc126d130379fb 20672
slurm-llnl_17.02.9-1_amd64.buildinfo
64ed673e613518efc97a5923ebdaba931efa7c627e24a64c92d209c671444bc0 3267464
slurm-wlm-basic-plugins-dbgsym_17.02.9-1_amd64.deb
b2fc1d323e0657f5f0795a60a844cfd3f05cec006ecac45aa0e8ae9924d6bdbf 636200
slurm-wlm-basic-plugins-dev_17.02.9-1_amd64.deb
413eaf99eb37d54ce7f855aea5299a70e95854ea636c2fda4558cba7cb021fc2 631000
slurm-wlm-basic-plugins_17.02.9-1_amd64.deb
7cf2ac4b7ba0024dd7108dde86914e31e10776d5bd1838681fed907545241718 1090176
slurm-wlm-doc_17.02.9-1_all.deb
dd2f67296a42654a295717b5c286149b18d4211045fa13f86c2f8fc3594485da 1308404
slurm-wlm-emulator_17.02.9-1_amd64.deb
d34f73f442ea211f575bb069930595142faf700c093455a63d1c0ac025dc0ee4 62320
slurm-wlm-torque_17.02.9-1_all.deb
7357a89be40d9ebd5eed28f52b763e9ae4cb96dcb7c70c38e6d2f347d899f794 21944
slurm-wlm_17.02.9-1_amd64.deb
7a3b0b4c621cf932b06b1438eefbdff5216035714d97a8a937f5999606e51c80 2780944
slurmctld-dbgsym_17.02.9-1_amd64.deb
c2bfc0ad1a08d3833dea46a19cc52c75d780da708aeace8cfa1b5ad1660b4442 1090196
slurmctld_17.02.9-1_amd64.deb
93dfab0b6864cefe7b00d476480f7ee87c35cb2536b29926c3a477c2ebdcb91f 4155328
slurmd-dbgsym_17.02.9-1_amd64.deb
60003792f799429d32153d3fc3cf497eeb67c8e5f8395f99999239dfd74916e8 1016700
slurmd_17.02.9-1_amd64.deb
a69e11f742e5a5f2cf1b114ec1447eda681b684c566510be7a922edcd443d497 1913716
slurmdbd-dbgsym_17.02.9-1_amd64.deb
826433945c6b4ffee5e77d864ef15ee4d5c9116c973ee652398be3d079370b80 627248
slurmdbd_17.02.9-1_amd64.deb
aa6f0645421bfa2e208145d62e2c5607b9be7f10d05b04aaf931e2f1f1ef83c3 705312
sview_17.02.9-1_amd64.deb
Files:
12883e80f7401bc25a36b4755f7eef72 3773 admin optional slurm-llnl_17.02.9-1.dsc
97172444ea83cdb97a86bf4e1a26493d 8352709 admin optional
slurm-llnl_17.02.9.orig.tar.gz
ee564e382dd5aaf9938dd2826b7ab77b 124588 admin optional
slurm-llnl_17.02.9-1.debian.tar.xz
8169a7895583753ad51cd87979c0a974 27924 admin optional
libpam-slurm_17.02.9-1_amd64.deb
f6cf795af1a22e989a9935daa9ea02b4 20904 debug optional
libpmi0-dbgsym_17.02.9-1_amd64.deb
7b3bb5cb32b94a942cb91b3aeec1b8be 35404 libdevel optional
libpmi0-dev_17.02.9-1_amd64.deb
30de82d1e4d03e0e9e026f19ffe2ec40 31552 libs optional
libpmi0_17.02.9-1_amd64.deb
82862f2f2279cc0a986279f4f600a8f0 33472 debug optional
libpmi2-0-dbgsym_17.02.9-1_amd64.deb
0c1a4b46b131a735177eeb5c717d4783 41440 libdevel optional
libpmi2-0-dev_17.02.9-1_amd64.deb
28e14d9eb8d86d8f7f2fcfef094d2799 34212 libs optional
libpmi2-0_17.02.9-1_amd64.deb
29962231087827fa01843537a84bb96f 738444 libdevel optional
libslurm-dev_17.02.9-1_amd64.deb
16c69aa42b102c6df45ba2a733e7566d 171352 perl optional
libslurm-perl_17.02.9-1_amd64.deb
6975861d872b5b5306584c13522e68d5 1824508 debug optional
libslurm31-dbgsym_17.02.9-1_amd64.deb
25f4a1b680464105e7daf5cc6d9c2498 576668 libs optional
libslurm31_17.02.9-1_amd64.deb
1dc1163886bbbd45e337db187ec2df71 662552 libdevel optional
libslurmdb-dev_17.02.9-1_amd64.deb
47e23bd13ccddfc2ad4a25d5a6f5d394 48444 perl optional
libslurmdb-perl_17.02.9-1_amd64.deb
66e36c5667456433f5b7484e9f4df388 1871996 debug optional
libslurmdb31-dbgsym_17.02.9-1_amd64.deb
ad5ceef6f78382e8a4caf389ab166542 581952 libs optional
libslurmdb31_17.02.9-1_amd64.deb
d7117d160e993c557fe4415915eee300 35050464 debug optional
slurm-client-dbgsym_17.02.9-1_amd64.deb
8e82bd4fc94e1e055fddd45d3d2a15cd 3550540 admin optional
slurm-client-emulator_17.02.9-1_amd64.deb
8bed800302f121d3110a74569e054a04 4158824 admin optional
slurm-client_17.02.9-1_amd64.deb
32f1c3922bd44d2077c14966724bf202 22616 oldlibs optional
slurm-llnl-slurmdbd_17.02.9-1_all.deb
03767be0e63808f2fa2bae9dd1f43782 22688 oldlibs optional
slurm-llnl_17.02.9-1_all.deb
1dcfcf2cbc8857c9d0b3986b9809bf5e 20672 admin optional
slurm-llnl_17.02.9-1_amd64.buildinfo
0275be17205d9c7f9d7600a3ffc974ac 3267464 debug optional
slurm-wlm-basic-plugins-dbgsym_17.02.9-1_amd64.deb
f711875969fabdeeae654a82478191d4 636200 devel optional
slurm-wlm-basic-plugins-dev_17.02.9-1_amd64.deb
4228e3ad3fff07a98d6f5abc92271af2 631000 admin optional
slurm-wlm-basic-plugins_17.02.9-1_amd64.deb
5d7e1b9440a6a754f3463281c0fcde6e 1090176 doc optional
slurm-wlm-doc_17.02.9-1_all.deb
86521ca55399a874e4c02e459f3a530b 1308404 admin optional
slurm-wlm-emulator_17.02.9-1_amd64.deb
294e77bf8b79a9c48d467255d43d4b77 62320 admin optional
slurm-wlm-torque_17.02.9-1_all.deb
2e1195e3a4472240ca30cfd9f658b607 21944 admin optional
slurm-wlm_17.02.9-1_amd64.deb
5f0f05f45282188adc683ec67dc21636 2780944 debug optional
slurmctld-dbgsym_17.02.9-1_amd64.deb
466b1113f45dda0ad9501ff2772e20be 1090196 admin optional
slurmctld_17.02.9-1_amd64.deb
e04666f2a77968d9e051f4bcddf5b815 4155328 debug optional
slurmd-dbgsym_17.02.9-1_amd64.deb
983bfb2d5dce0b13889852b4e9eb5bf7 1016700 admin optional
slurmd_17.02.9-1_amd64.deb
775b21d25f36d284a17602448d17fa19 1913716 debug optional
slurmdbd-dbgsym_17.02.9-1_amd64.deb
c2bcc91c828d7587a2b693d3eeae430e 627248 admin optional
slurmdbd_17.02.9-1_amd64.deb
6e2a8b7edb852841e2cc67028d8120f9 705312 admin optional
sview_17.02.9-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJLBAEBCgA1FiEE6zNF9WRBuLgad5h2ffpBrZYZhdcFAln+0HQXHG9saXZhLmdA
bmEuaWNhci5jbnIuaXQACgkQffpBrZYZhdcXSg//RjXvDQDksFMho0QAqMJw0jv3
b7dp26RkdVDUG/5ZOchtt8/R3AZF8zbKOeqfF2Pi9h2PjBbjGsuqMeO5YCeqNw1h
zLyFAXd71IuVQKeIGEg7SgD47S6LKUghHSCn4+UaTipegd09pzjCkHJ4y6HHxbrz
AiX9+1P4v5Z6ed3n9T7tnDo9LkMv+34C4Ua9sg/IeJYi7W4mbFXJ7JDOqEWcTyeM
3kfX2Ka718/K/aEqP2XqQ6+i8RVvVJizHzGMR/Dm2+FSdxTVes7s+sR7szwuln/z
kaOxBAlb0hV4S3aMmsCLocl/nEFCUxWO1h+7yzp7jpY4i6DNUtQCbwRAjz4qW7zG
MNxZoYhDOObKqshqvM989+idEnpL38jm2DKtoYn3Ii7g5mbx7yOwgrqqsPawjnGx
HD5tDa4DoVNLUNRLzjh5mY7TZDLIVBtSMAxR0nuk5K7jCyiYN7h93K84SYToYuLJ
YgitC9hEtLeWQCoBcQvzOiW/Z0yBQbjQ3bDi1VnD+TEaD1YqoyJBA1szVmYQVn0w
bEGxSk+bOKyL98i0f+CT/5/WGH/d07m+QVkbvPzvoWoIreQg8v+589httBQ2yaL1
LZtdqe2EVfaNp3rNsYt/IsVjZ5CsVIIbE3Sq21we9zKfg7mOGd0JDiWAdNSKD06A
H4zdYWhqR+MmF4GkTd0=
=9+cB
-----END PGP SIGNATURE-----
--- End Message ---
