CVE-2019-19727

Name: CVE-2019-19727
Description: SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| slurm-llnl (PTS) | jessie | 14.03.9-5+deb8u2 | vulnerable |
| | jessie (security) | 14.03.9-5+deb8u4 | vulnerable |
| | stretch | 16.05.9-1+deb9u4 | vulnerable |
| | stretch (security) | 16.05.9-1+deb9u2 | vulnerable |
| | buster | 18.08.5.2-1 | vulnerable |
| | buster (security) | 18.08.5.2-1+deb10u1 | vulnerable |
| | bullseye | 19.05.3.2-2 | vulnerable |
| | sid | 19.05.5-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| slurm-llnl | source | (unstable) | 19.05.5-1 | unimportant | | |

Notes

https://bugzilla.suse.com/show_bug.cgi?id=1155784
Fixed upstream in 18.08.9, 19.05.5
In Debian the example file is likewise installed as 0644, and slurmdbd.conf is
not directly installed by the slurmdbd binary package.
