OSG-SEC-2018-03-27 SLURM Vulnerability
Dear OSG Security Contacts,
A critical vulnerability was reported in Slurm which allows SQL injection attacks against the SlurmDBD component and it is described in CVE-2018-7033.
SLURM Versions 17.11.5 and 17.02.10 were released on March 15th 2018 with a fix for the mentioned vulnerability. All previous versions are considered to be vulnerable.
WHAT IS THE VULNERABILITY:
"Several issues were discovered with incomplete sanitization of user-provided text strings, which could potentially lead to SQL injection attacks against SlurmDBD itself. Such exploits could lead to a loss of accounting data, or escalation of user privileges on the cluster." 
WHAT YOU SHOULD DO:
- Sites running SLURM are recommended to update to the most current versions as soon as possible if they have not done so already.
- As stated in the security advisory by the software vendor: "The only safe mitigation, aside from installing these updated versions, is to disable SlurmDBD on your system." 
-  https://www.schedmd.com/news.php?id=201#OPT_201
Please contact the OSG security team [immediately] at secu[email protected] if you have any questions or concerns.
OSG Security Team