Bug#602340: CVE-2010-3380

Wed, 03 Nov 2010 14:57:21 -0700 

Package: slurm-llnl
Severity: grave
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3380 

I'm attaching the extracted upstream fix. Please note that while upstream
has fixed this issue in 2.1.4, Debian is still affected since we ship
our own init scripts in debian/. As such, sid still needs a fix.

As for Squeeze, please prepare a targeted testing upload with the security
fix only. At this point of the release freeze release managers don't
accept new upstream releases any longer.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages slurm-llnl depends on:
ii  adduser                   3.112+nmu1     add and remove users and groups
ii  libc6                     2.11.2-6       Embedded GNU C Library: Shared lib
ii  libncurses5               5.7+20100313-4 shared libraries for terminal hand
ii  lsb-base                  3.2-26         Linux Standard Base 3.2 init scrip
pn  munge                     <none>         (no description available)
ii  openssl                   0.9.8o-2       Secure Socket Layer (SSL) binary a
pn  openssl-blacklist         <none>         (no description available)
pn  slurm-llnl-basic-plugins  <none>         (no description available)
ii  ucf                       3.0025+nmu1    Update Configuration File: preserv

slurm-llnl recommends no packages.

slurm-llnl suggests no packages.

diff -Naur slurm-2.1.12/etc/init.d.slurm slurm-2.1.14/etc/init.d.slurm
--- slurm-2.1.12/etc/init.d.slurm	2010-04-06 18:26:19.000000000 +0200
+++ slurm-2.1.14/etc/init.d.slurm	2010-09-20 18:59:38.000000000 +0200
@@ -80,7 +80,7 @@
 fi
 
 # setup library paths for slurm and munge support
-export LD_LIBRARY_PATH="$LIBDIR:$LD_LIBRARY_PATH"
+export LD_LIBRARY_PATH=$LIBDIR${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
 
 start() {
     prog=$1
diff -Naur slurm-2.1.12/etc/init.d.slurmdbd slurm-2.1.14/etc/init.d.slurmdbd
--- slurm-2.1.12/etc/init.d.slurmdbd	2010-04-06 18:26:19.000000000 +0200
+++ slurm-2.1.14/etc/init.d.slurmdbd	2010-09-20 18:59:38.000000000 +0200
@@ -69,7 +69,7 @@
 fi
 
 # setup library paths for slurm and munge support
-export LD_LIBRARY_PATH="$LIBDIR:$LD_LIBRARY_PATH"
+export LD_LIBRARY_PATH=$LIBDIR${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
 
 start() {
     prog=$1

Reply via email to