Summary: A security vulnerability (CVE) has been identified in the Munge software, which could potentially allow unauthorized access to the Munge key used for user authentication in Slurm jobs. In response to this issue, a new version of Munge has been released.
Details:
- Issue Identified: A security flaw in Munge that may expose the Munge key.
- Action Taken: Deployment of a new version of Munge to address the vulnerability.
- Maintenance Scheduled: The cluster will undergo maintenance to exchange the current Munge key.
User Instructions:
- Job Review: All users are requested to review their job lists. If any unknown jobs appear, please delete them and notify us immediately.
- Sensitive Data Handling: Users with extremely sensitive data in their directories can request a temporary suspension of job submissions for their accounts. Accounts will be re-enabled after maintenance is complete.
We appreciate your cooperation and understanding as we work to enhance our system’s security.
You can track any disruptions or security advisories that may occur due to the aforementioned change in the RWTH High Performance Computing (HPC) category on our status reporting portal.
