CVE-2017-15566 in Ubuntu

CVE-2017-15566

Priority

Description

Insecure SPANK environment variable handling exists in SchedMD Slurm before
16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing
privilege escalation to root during Prolog or Epilog execution.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15566
https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public)
https://www.schedmd.com/news.php?id=193#OPT_193

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880530

Notes

msalvatore

"This issue affects all Slurm versions from 15.08.0"

Package

Source: slurm-llnl (LP Ubuntu Debian)

Upstream:	released (16.05.11, 17.02.9, 17.11.0rc2)
Ubuntu 18.04 LTS:	not-affected (17.11.2-1build1)
Ubuntu 20.04 LTS:	not-affected (19.05.3.2-2)
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	not-affected (code not present)

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-25 00:19:38 UTC (commit ecc1009cb19540b950de59270950018900f37f15)