Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 842789 (CVE-2022-29500, CVE-2022-29501, CVE-2022-29502) - <sys-cluster/slurm-22.05.3: multiple vulnerabilities
Summary: <sys-cluster/slurm-22.05.3: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-29500, CVE-2022-29501, CVE-2022-29502
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://www.schedmd.com/news.php?id=2...
Whiteboard: ~2 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-05-05 14:28 UTC by Marek Szuba
Modified: 2022-09-17 22:46 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marek Szuba archtester gentoo-dev 2022-05-05 14:28:54 UTC
Three critical issues allowing privilege escalation on both the controller and the compute nodes.
Comment 1 Larry the Git Cow gentoo-dev 2022-08-15 00:36:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=002aa381e511ead5a8b433a8b2ad5d5afd4d94fe

commit 002aa381e511ead5a8b433a8b2ad5d5afd4d94fe
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-08-15 00:16:59 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-15 00:35:55 +0000

    profiles: last rite sys-cluster/slurm
    
    Also remove the collectd unmasks in arch package.use.masks.
    
    Bug: https://bugs.gentoo.org/631552
    Bug: https://bugs.gentoo.org/790296
    Bug: https://bugs.gentoo.org/842789
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 profiles/arch/amd64/package.use.mask | 4 ----
 profiles/arch/x86/package.use.mask   | 4 ----
 profiles/base/package.use.mask       | 3 +++
 profiles/package.mask                | 6 ++++++
 4 files changed, 9 insertions(+), 8 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2022-09-15 08:01:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1947dd126dfbf1a19f631b770d3e36fffdf334e

commit b1947dd126dfbf1a19f631b770d3e36fffdf334e
Author:     Alexey Shvetsov <alexxy@gentoo.org>
AuthorDate: 2022-09-15 08:00:39 +0000
Commit:     Alexey Shvetsov <alexxy@gentoo.org>
CommitDate: 2022-09-15 08:00:39 +0000

    sys-cluster/slurm: Update to new version
    
    Closes: https://bugs.gentoo.org/744148
    Bug: https://bugs.gentoo.org/790296
    Bug: https://bugs.gentoo.org/842789
    Signed-off-by: Alexey Shvetsov <alexxy@gentoo.org>

 sys-cluster/slurm/Manifest                         |   2 +-
 ...-lua.patch => slurm-22.05.3_autoconf-lua.patch} |  19 +-
 sys-cluster/slurm/metadata.xml                     |   6 +-
 sys-cluster/slurm/slurm-20.11.0.1-r105.ebuild      | 275 ---------------------
 ...-20.11.0.1-r104.ebuild => slurm-22.05.3.ebuild} |  34 ++-
 5 files changed, 38 insertions(+), 298 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2022-09-15 08:08:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a34a195a9b018eecac186686a2f88d21daff2f04

commit a34a195a9b018eecac186686a2f88d21daff2f04
Author:     Alexey Shvetsov <alexxy@gentoo.org>
AuthorDate: 2022-09-15 08:07:56 +0000
Commit:     Alexey Shvetsov <alexxy@gentoo.org>
CommitDate: 2022-09-15 08:07:56 +0000

    profiles: Remove slurm p.mask since valnurable version no longer in tree
    
    Bug: https://bugs.gentoo.org/631552
    Bug: https://bugs.gentoo.org/790296
    Bug: https://bugs.gentoo.org/842789
    Signed-off-by: Alexey Shvetsov <alexxy@gentoo.org>

 profiles/package.mask | 6 ------
 1 file changed, 6 deletions(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-17 22:46:41 UTC
Sorry, all unstable, all done.