First published: Wed May 30 2018(Updated: )
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/slurm-llnl | 18.08.5.2-1+deb10u2 | |
SchedMD Slurm | <=17.02.10.1 | |
SchedMD Slurm | =17.11.0.0-pre1 | |
SchedMD Slurm | =17.11.0.0-pre2 | |
SchedMD Slurm | =17.11.0.0-rc1 | |
SchedMD Slurm | =17.11.0.0-rc2 | |
SchedMD Slurm | =17.11.0.0-rc3 | |
SchedMD Slurm | =17.11.0.1 | |
SchedMD Slurm | =17.11.1.1 | |
SchedMD Slurm | =17.11.1.2 | |
SchedMD Slurm | =17.11.2.1 | |
SchedMD Slurm | =17.11.3.1 | |
SchedMD Slurm | =17.11.3.2 | |
SchedMD Slurm | =17.11.4.1 | |
SchedMD Slurm | =17.11.5.1 | |
SchedMD Slurm | =17.11.6.1 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-10995 is a vulnerability in SchedMD Slurm before version 17.02.11 and 17.1x.x before 17.11.7 that mishandles user names (aka user_name fields) and group ids (aka gid fields).
CVE-2018-10995 has a severity rating of 5.3 (medium).
CVE-2018-10995 affects SchedMD Slurm versions before 17.02.11 and 17.1x.x before 17.11.7.
Yes, the fix for CVE-2018-10995 is available in version 18.08.5.2-1+deb10u2 of the slurm-llnl package on Debian.
More information about CVE-2018-10995 can be found on the Debian Security Tracker, MITRE CVE dictionary, and the Debian bug report.