-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5961-1                   security@debian.org
https://www.debian.org/security/                             Shengqi Chen
July 08, 2025                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : slurm-wlm
CVE ID         : CVE-2025-43904
Debian Bug     : 1104929

Sekou Diakite from HPE discovered a mistake with permission handling for
Coordinators within the accounting system of Slurm Workload Manager, a
cluster resource management and job scheduling system, that it could allow
a Coordinator to promote a user to Administrator.

- -
For the stable distribution (bookworm), this problem has been fixed in
version 22.05.8-4+deb12u3.

We recommend that you upgrade your slurm-wlm packages.

For the detailed security status of slurm-wlm please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/slurm-wlm

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBLHAyuu1xqoC2aJ5NP8o68vMTMgFAmhs2h4ACgkQNP8o68vM
TMhg+wf/aiE98TIxusPba3u0F49jnbdztNyK4A3DwBgds0ZUSyE/l2ZP/jmIPFdE
QBH1m2rK/X8oSuvkXQN4ruek95Jch/kvPy/26+YlSlNEwc50vLxYp6D+E22tr2QE
CEIoKapk4nKnoWMGfQCg/chuQm3oXYJ0Bd1jEh1ZvHW7IGW8JJAyDJ55Fgo2DDXP
QBN9ZCgta9GZyspmToAw1CCfBGTDdpsZYalE0zu/ldglAZTKKO07WzMjarCFSfh3
cwjtaDFrxhh4w6noM3+YWoxQFEfO7r2YxYqqRUg9rUQArhxSjuk+fVfU/ItQP0gO
E27m2dtxsxVcjNQv+BFona7VT0yMgQ==
=Pb5I
-----END PGP SIGNATURE-----