Schedmd Slurm vulnerabilities

CVE-2019-6438 [CRITICAL] CVE-2019-6438: SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.

CVE-2018-10995 [MEDIUM] CWE-20 CVE-2018-10995: SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).

CVE-2018-7033 [CRITICAL] CWE-89 CVE-2018-7033: SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmD SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.

CVE-2017-15566 [HIGH] CWE-426 CVE-2017-15566: Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17 Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.

CVE-2016-10030 [HIGH] CWE-284 CVE-2016-10030: The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x b The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the