DescriptionInsecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
- SUSE-SU-2017:3311-1, published Thu Dec 14 13:08:51 MST 2017
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Linux Enterprise Module for High Performance Computing 12|| ||Patchnames:
|SUSE Linux Enterprise Module for High Performance Computing 15|| ||Patchnames:
SUSE Linux Enterprise Module for High Performance Computing 15 GA libpmi0
Status of this issue by product and package
Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.
|SUSE Linux Enterprise Module for High Performance Computing 12||slurm||Released|