Thursday, May 7, 2026

[USN-8236-1] Slurm vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8236-1
May 06, 2026

slurm-wlm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Slurm.

Software Description:
- slurm-wlm: Simple Linux Utility for Resource Management

Details:

It was discovered that Slurm did not correctly handle certain file system
operations. An attacker could possibly use this issue to modify files or
leak sensitive information. This issue only affected Ubuntu 22.04 LTS.
(CVE-2023-41914)

Ryan Hall discovered that Slurm did not correctly enforce certain message
integrity checks. An attacker could possibly use this issue to bypass
integrity checks. This issue only affected Ubuntu 22.04 LTS.
(CVE-2023-49933)

Ryan Hall discovered that Slurm did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 22.04
LTS. (CVE-2023-49937)

Ryan Hall discovered that Slurm did not correctly handle certain access
control mechanisms. An attacker could possibly use this issue to modify
files or leak sensitive information. This issue only affected Ubuntu 22.04
LTS. (CVE-2023-49938)

It was discovered that Slurm did not correctly handle user promotion. An
attacker could possibly use this issue to promote themselves to an
administrator. (CVE-2025-43904)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libpam-slurm        23.11.4-1.2ubuntu5+esm1   Available with Ubuntu Pro
  libpam-slurm-dev    23.11.4-1.2ubuntu5+esm1   Available with Ubuntu Pro
  libslurm-dev        23.11.4-1.2ubuntu5+esm1   Available with Ubuntu Pro
  slurm-wlm           23.11.4-1.2ubuntu5+esm1   Available with Ubuntu Pro
  slurmctld           23.11.4-1.2ubuntu5+esm1   Available with Ubuntu Pro
  slurmd              23.11.4-1.2ubuntu5+esm1   Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libpam-slurm        21.08.5-2ubuntu1+esm2     Available with Ubuntu Pro
  libslurm-dev        21.08.5-2ubuntu1+esm2     Available with Ubuntu Pro
  slurm-wlm           21.08.5-2ubuntu1+esm2     Available with Ubuntu Pro
  slurmctld           21.08.5-2ubuntu1+esm2     Available with Ubuntu Pro
  slurmd              21.08.5-2ubuntu1+esm2     Available with Ubuntu Pro

After a standard system update you need to restart Slurm to make all the
necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8236-1
  CVE-2023-41914, CVE-2023-49933, CVE-2023-49937, CVE-2023-49938,
  CVE-2025-43904
