Source: slurm-llnl Version: 19.05.5-2 Severity: important Tags: security upstream
Hi, The following vulnerability was published for slurm-llnl. CVE-2020-12693[0]: | Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare | case where Message Aggregation is enabled, allows Authentication | Bypass via an Alternate Path or Channel. A race condition allows a | user to launch a process as an arbitrary user. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-12693 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12693 [1] https://www.schedmd.com/news.php?id=236 [2] https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore