[Bug 1199281] New: VUL-0: CVE-2022-29502: slurm,slurmlibs,slurm_20_11,slurm_18_08,slurm_20_02: I/O key validation allows attacker to intercept communication
http://bugzilla.opensuse.org/show_bug.cgi?id=1199281

Bug ID: 1199281
Summary: VUL-0: CVE-2022-29502: slurm,slurmlibs,slurm_20_11,slurm_18_08,slurm_20_02: I/O key validation allows attacker to intercept communication
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
URL: https://smash.suse.de/issue/330837/
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: hpc-bugs@suse.de
Reporter: cathy.hu@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

rh#2082291

An issue was found with the I/O key validation logic in the srun client command that could permit an attacker to attach to the user's terminal, and intercept process I/O. (Slurm 21.08 only.)

https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2082291
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29502
https://www.schedmd.com/news.php?id=260
https://lists.schedmd.com/pipermail/slurm-announce/
https://www.schedmd.com/news.php

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1199281#c1

--- Comment #1 from Hu <cathy.hu@suse.com> ---
Affected:
- openSUSE:Factory/slurm 21.08.7

Not Affected:
- SUSE:SLE-12-SP2:GA:Products:Update/slurmlibs 16.05.8.1
- SUSE:SLE-12-SP2:GA:Products:Update/slurm 17.02.11
- SUSE:SLE-15:Update/slurm 17.11.13
- SUSE:SLE-12-SP2:GA:Products:Update/slurm_18_08 18.08.9
- SUSE:SLE-15-SP1:Update/slurm 18.08.9
- SUSE:SLE-15:Update/slurm_18_08 18.08.9
- SUSE:SLE-12-SP2:GA:Products:Update/slurm_20_02 20.02.7
- SUSE:SLE-15-SP1:Update/slurm_20_02 20.02.7
- SUSE:SLE-15-SP2:Update/slurm 20.02.7
- openSUSE:Backports:SLE-15-SP3/slurm 20.11.5
- SUSE:SLE-12-SP2:GA:Products:Update/slurm_20_11 20.11.7
- SUSE:SLE-15-SP2:Update/slurm_20_11 20.11.7
- SUSE:SLE-15-SP1:Update/slurm_20_11 20.11.7
- SUSE:SLE-15-SP3:Update/slurm 20.11.7

http://bugzilla.opensuse.org/show_bug.cgi?id=1199281#c3

--- Comment #3 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1199281) was mentioned in
https://build.opensuse.org/request/show/976280 Factory / slurm