Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 757267 (CVE-2020-27745, CVE-2020-27746)

Summary: <sys-cluster/slurm-20.11.0.1: Multiple vulnerabilities (CVE-2020-{27745,27746})
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: alexxy, cluster, zlogene
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~3 [noglsa cve]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-11-27 19:51:43 UTC 
* CVE-2020-27745

Description:
"Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin."

* CVE-2020-27746

Description:
"Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-11-27 19:52:21 UTC 
Please bump to 20.02.6, thanks!
Comment 2 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-12-01 12:14:52 UTC 
Done.