[slurm-users] Slurm versions 23.02.6 and 22.05.10 are now available (CVE-2023-41914)

Groner, Rob rug262 at psu.edu
Mon Oct 16 15:22:09 UTC 2023

It is my understanding that it is a different issue than pmix.  So to be fully protected, you would need to build the latest/fixed pmix and rebuild slurm using that (or just keep pmix disabled), AND have this latest version of slurm with their fix for their own vulnerability.


From: slurm-users <slurm-users-bounces at lists.schedmd.com> on behalf of Gerhard Strangar <g.s at arcor.de>
Sent: Friday, October 13, 2023 1:08 PM
To: slurm-users at lists.schedmd.com <slurm-users at lists.schedmd.com>
Subject: Re: [slurm-users] Slurm versions 23.02.6 and 22.05.10 are now available (CVE-2023-41914)

Tim Wickberg wrote:

> A number of race conditions have been identified within the
> slurmd/slurmstepd processes that can lead to the user taking ownership
> of an arbitrary file on the system.

Is it any different than the CVE-2023-41915 in PMIx or does it just have
an additional number but it's the same issue? Or did anyone mis-type the
number? I couldn't find any information on CVE-2023-41914.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schedmd.com/pipermail/slurm-users/attachments/20231016/8d6befc5/attachment-0001.htm>

More information about the slurm-users mailing list