Bug 842789 (CVE-2022-29500, CVE-2022-29501, CVE-2022-29502)

Summary:	<sys-cluster/slurm-22.05.3: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Marek Szuba <marecki>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	trivial	CC:	alexxy, cluster
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://www.schedmd.com/news.php?id=260#OPT_260
Whiteboard:	~2 [noglsa]
Package list:		Runtime testing required:	---

Description Marek Szuba archtester

2022-05-05 14:28:54 UTC

Three critical issues allowing privilege escalation on both the controller and the compute nodes.

Comment 1 Larry the Git Cow gentoo-dev

2022-08-15 00:36:39 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=002aa381e511ead5a8b433a8b2ad5d5afd4d94fe

commit 002aa381e511ead5a8b433a8b2ad5d5afd4d94fe
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-08-15 00:16:59 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-15 00:35:55 +0000

    profiles: last rite sys-cluster/slurm
    
    Also remove the collectd unmasks in arch package.use.masks.
    
    Bug: https://bugs.gentoo.org/631552
    Bug: https://bugs.gentoo.org/790296
    Bug: https://bugs.gentoo.org/842789
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 profiles/arch/amd64/package.use.mask | 4 ----
 profiles/arch/x86/package.use.mask   | 4 ----
 profiles/base/package.use.mask       | 3 +++
 profiles/package.mask                | 6 ++++++
 4 files changed, 9 insertions(+), 8 deletions(-)

Comment 2 Larry the Git Cow gentoo-dev

2022-09-15 08:01:07 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1947dd126dfbf1a19f631b770d3e36fffdf334e

commit b1947dd126dfbf1a19f631b770d3e36fffdf334e
Author:     Alexey Shvetsov <alexxy@gentoo.org>
AuthorDate: 2022-09-15 08:00:39 +0000
Commit:     Alexey Shvetsov <alexxy@gentoo.org>
CommitDate: 2022-09-15 08:00:39 +0000

    sys-cluster/slurm: Update to new version
    
    Closes: https://bugs.gentoo.org/744148
    Bug: https://bugs.gentoo.org/790296
    Bug: https://bugs.gentoo.org/842789
    Signed-off-by: Alexey Shvetsov <alexxy@gentoo.org>

 sys-cluster/slurm/Manifest                         |   2 +-
 ...-lua.patch => slurm-22.05.3_autoconf-lua.patch} |  19 +-
 sys-cluster/slurm/metadata.xml                     |   6 +-
 sys-cluster/slurm/slurm-20.11.0.1-r105.ebuild      | 275 ---------------------
 ...-20.11.0.1-r104.ebuild => slurm-22.05.3.ebuild} |  34 ++-
 5 files changed, 38 insertions(+), 298 deletions(-)

Comment 3 Larry the Git Cow gentoo-dev

2022-09-15 08:08:29 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a34a195a9b018eecac186686a2f88d21daff2f04

commit a34a195a9b018eecac186686a2f88d21daff2f04
Author:     Alexey Shvetsov <alexxy@gentoo.org>
AuthorDate: 2022-09-15 08:07:56 +0000
Commit:     Alexey Shvetsov <alexxy@gentoo.org>
CommitDate: 2022-09-15 08:07:56 +0000

    profiles: Remove slurm p.mask since valnurable version no longer in tree
    
    Bug: https://bugs.gentoo.org/631552
    Bug: https://bugs.gentoo.org/790296
    Bug: https://bugs.gentoo.org/842789
    Signed-off-by: Alexey Shvetsov <alexxy@gentoo.org>

 profiles/package.mask | 6 ------
 1 file changed, 6 deletions(-)

Comment 4 John Helmert III archtester

2022-09-17 22:46:41 UTC

Sorry, all unstable, all done.