Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 757267 (CVE-2020-27745, CVE-2020-27746) - <sys-cluster/slurm-20.11.0.1: Multiple vulnerabilities (CVE-2020-{27745,27746})
Summary: <sys-cluster/slurm-20.11.0.1: Multiple vulnerabilities (CVE-2020-{27745,27746})
Status: RESOLVED FIXED
Alias: CVE-2020-27745, CVE-2020-27746
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-27 19:51 UTC by Sam James
Modified: 2020-12-01 12:14 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-11-27 19:51:43 UTC
* CVE-2020-27745

Description:
"Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin."

* CVE-2020-27746

Description:
"Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem."
Comment 1 Sam James archtester gentoo-dev Security 2020-11-27 19:52:21 UTC
Please bump to 20.02.6, thanks!
Comment 2 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-12-01 12:14:52 UTC
Done.