Debian Security Update DSA-4023 slurm-llnl - security update

LinuxBot

Member
Joined
Apr 25, 2017
Messages
6,735
Reaction score
94
Credits
-1,257
Ryan Day discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, does not properly handle SPANK environment variables, allowing a user permitted to submit jobs to execute code as root during the Prolog or Epilog. All systems using a Prolog or Epilog script are vulnerable, regardless of whether SPANK plugins are in use.

Continue reading...
 


Follow Linux.org

Members online


Latest posts

Top