[Bug 363904] Re: SLURM Security Flaw
slurm-llnl (1.3.6-1lenny3build0.8.10.1) intrepid-security; urgency=low * fake sync from Debian slurm-llnl (1.3.6-1lenny3) stable-security; urgency=high * Add missing include to prevent ia64 build problems. slurm-llnl (1.3.6-1lenny2) stable-security; urgency=high * Security patch to fix supplementary group flaw slurm-llnl (1.3.6-1lenny1) testing-security; urgency=high * Non-maintainer upload by the Security Team. * Fix to crypto/openssl plugin that could result in job launch requests being spoofed through the use of an improperly formed credential. This bug could permit a user to launch tasks on compute nodes not allocated for their use, but will NOT permit them to run tasks as another user. This is related to CVE-2008-5077 and DSA 1701 (Closes: #511511) -- Jamie Strandboge ja...@ubuntu.com Wed, 07 Oct 2009 06:51:11 -0500 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-5077 ** Changed in: slurm-llnl (Ubuntu Intrepid) Status: Triaged = Fix Released ** Changed in: slurm-llnl (Ubuntu Intrepid) Assignee: Artur Rona (ari-tczew) = (unassigned) ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0128 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-2084 -- SLURM Security Flaw https://bugs.launchpad.net/bugs/363904 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 363904] Re: SLURM Security Flaw
** Changed in: slurm-llnl (Ubuntu Hardy) Assignee: (unassigned) = Artur Rona (ari-tczew) ** Changed in: slurm-llnl (Ubuntu Intrepid) Assignee: (unassigned) = Artur Rona (ari-tczew) ** Changed in: slurm-llnl (Ubuntu Jaunty) Assignee: (unassigned) = Artur Rona (ari-tczew) -- SLURM Security Flaw https://bugs.launchpad.net/bugs/363904 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 363904] Re: SLURM Security Flaw
Already fixed in Karmic, so I've marked that as closed. For the other releases, we need to have a debdiff against Ubuntu's releases, rather than diffs against Debian's versions. And these need to build and run tested before we can publish them into the archive. For more details: https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Patch ** Changed in: slurm-llnl (Ubuntu Karmic) Status: Confirmed = Fix Released ** Changed in: slurm-llnl (Ubuntu Intrepid) Status: In Progress = Incomplete ** Changed in: slurm-llnl (Ubuntu Intrepid) Status: Incomplete = Triaged ** Changed in: slurm-llnl (Ubuntu Jaunty) Status: In Progress = Triaged -- SLURM Security Flaw https://bugs.launchpad.net/bugs/363904 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 363904] Re: SLURM Security Flaw
Marked In Progress according to https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Submission ** Also affects: slurm-llnl (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: slurm-llnl (Ubuntu Intrepid) Importance: Undecided Status: New ** Also affects: slurm-llnl (Ubuntu Jaunty) Importance: Undecided Status: New ** Changed in: slurm-llnl (Ubuntu Hardy) Importance: Undecided = Medium ** Changed in: slurm-llnl (Ubuntu Intrepid) Importance: Undecided = Medium ** Changed in: slurm-llnl (Ubuntu Jaunty) Importance: Undecided = Medium ** Also affects: slurm-llnl (Ubuntu Karmic) Importance: Undecided Status: New ** Changed in: slurm-llnl (Ubuntu Hardy) Status: New = Confirmed ** Changed in: slurm-llnl (Ubuntu Karmic) Status: New = Confirmed ** Changed in: slurm-llnl (Ubuntu Karmic) Importance: Undecided = Medium ** Changed in: slurm-llnl (Ubuntu Intrepid) Status: New = In Progress ** Changed in: slurm-llnl (Ubuntu Jaunty) Status: New = In Progress -- SLURM Security Flaw https://bugs.launchpad.net/bugs/363904 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 363904] Re: SLURM Security Flaw
Made this bug private, since the DSA is available. (The previous mail to slurm-announce was also public) ** Visibility changed to: Public -- SLURM Security Flaw https://bugs.launchpad.net/bugs/363904 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 363904] Re: SLURM Security Flaw
** Attachment added: debdiff between 1.3.13-1 and 1.3.15-1 for jaunty http://launchpadlibrarian.net/25846901/1.3.13-1_to_1.3.15-1.debdiff -- SLURM Security Flaw https://bugs.launchpad.net/bugs/363904 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 363904] Re: SLURM Security Flaw
The attached debdiffs is between current versions in intrepid and jaunty, and the fixed versions in sid and lenny. -- SLURM Security Flaw https://bugs.launchpad.net/bugs/363904 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 363904] Re: SLURM Security Flaw
** Attachment added: debdiff between 1.3.6-1 and 1.3.6-1lenny3 for intrepid http://launchpadlibrarian.net/25846942/1.3.6-1_to_1.3.6-1lenny3.debdiff -- SLURM Security Flaw https://bugs.launchpad.net/bugs/363904 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs