[Git][security-tracker-team/security-tracker][master] Add new Slurm issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 14 06:29:38 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc34bf28 by Salvatore Bonaccorso at 2023-12-14T07:27:40+01:00
Add new Slurm issues

Note that upstream only supports the series from 22.05.y onwards. So for
those issues known to affect 22.05.y and fixed in 22.05.11 chances are
there that the older series are affected as well.

Where it was clear that it affects only 23.02.y and 23.11.y the
respective older versions were marked as not-affected.

Finer-grained triage will happen once the fixing commits can be deduced.

Link: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-49934 [SQL Injection]
+	- slurm-wlm <not-affected> (Vulnerable code introduced in 23.11 series)
+	- slurm-llnl <not-affected> (Vulnerable code introduced in 23.11 series)
+	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
+CVE-2023-49933 [Slurm Protocol Message Extension]
+	- slurm-wlm <unfixed>
+	- slurm-llnl <removed>
+	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
+CVE-2023-49937 [Slurm Protocol Double Free]
+	- slurm-wlm <unfixed>
+	- slurm-llnl <removed>
+	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
+CVE-2023-49936 [Slurm NULL Pointer Dereference]
+	- slurm-wlm <unfixed>
+	- slurm-llnl <removed>
+	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
+CVE-2023-49938 [Slurm Arbitrary File Overwrite]
+	- slurm-wlm <unfixed>
+	- slurm-llnl <removed>
+	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
+CVE-2023-49935 [Slurmd Message Integrity Bypass]
+	- slurm-wlm <unfixed>
+	[bookworm] - slurm-wlm <not-affected> (Vulnerable code introduced later)
+	[bullseye] - slurm-wlm <not-affected> (Vulnerable code introduced later)
+	- slurm-llnl <not-affected> (Vulnerable code introduced later)
+	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
 CVE-2023-6795 (An OS command injection vulnerability in Palo Alto Networks PAN-OS sof ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2023-6794 (An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS so ...)
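
Review bot: The not-affected reason on the three CVE-2023-49935 lines ("Vulnerable code introduced later") does not say which series introduced the code, unlike the CVE-2023-49934 entry, which names the 23.11 series; naming the series here would let a later triager check the bookworm and bullseye markings against the packaged versions. The four entries marked only `- slurm-wlm <unfixed>` (CVE-2023-49933, -49936, -49937, -49938) carry no per-release lines and no marker that triage is still pending, so the follow-up work is recorded only in the commit message; a short NOTE or TODO line on those entries would keep that visible in the list itself.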



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc34bf28a630ad928b3b175bb7ef5040111e52a6
