SUSE-SU-2020:2599-1

Опубликовано: 10 сент. 2020

Источник: suse-cvrf

Описание

Security update for slurm_18_08

This update for slurm_18_08 fixes the following issues:

Fix Authentication Bypass when Message Aggregation is enabled CVE-2020-12693 This fixes and issue where authentication could be bypassed via an alternate path or channel when message Aggregation was enabled. A race condition allowed a user to launch a process as an arbitrary user. (CVE-2020-12693, bsc#1172004). Add: Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-12693.patch
Remove unneeded build dependency to postgresql-devel.

Список пакетов

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libpmi0_18_08-18.08.9-1.8.2

libslurm33-18.08.9-1.8.2

perl-slurm_18_08-18.08.9-1.8.2

slurm_18_08-18.08.9-1.8.2

slurm_18_08-auth-none-18.08.9-1.8.2

slurm_18_08-config-18.08.9-1.8.2

slurm_18_08-devel-18.08.9-1.8.2

slurm_18_08-doc-18.08.9-1.8.2

slurm_18_08-lua-18.08.9-1.8.2

slurm_18_08-munge-18.08.9-1.8.2

slurm_18_08-node-18.08.9-1.8.2

slurm_18_08-pam_slurm-18.08.9-1.8.2

slurm_18_08-plugins-18.08.9-1.8.2

slurm_18_08-slurmdbd-18.08.9-1.8.2

slurm_18_08-sql-18.08.9-1.8.2

slurm_18_08-torque-18.08.9-1.8.2

SUSE Linux Enterprise High Performance Computing 15-LTSS

libpmi0_18_08-18.08.9-1.8.2

libslurm33-18.08.9-1.8.2

perl-slurm_18_08-18.08.9-1.8.2

slurm_18_08-18.08.9-1.8.2

slurm_18_08-auth-none-18.08.9-1.8.2

slurm_18_08-config-18.08.9-1.8.2

slurm_18_08-devel-18.08.9-1.8.2

slurm_18_08-doc-18.08.9-1.8.2

slurm_18_08-lua-18.08.9-1.8.2

slurm_18_08-munge-18.08.9-1.8.2

slurm_18_08-node-18.08.9-1.8.2

slurm_18_08-pam_slurm-18.08.9-1.8.2

slurm_18_08-plugins-18.08.9-1.8.2

slurm_18_08-slurmdbd-18.08.9-1.8.2

slurm_18_08-sql-18.08.9-1.8.2

slurm_18_08-torque-18.08.9-1.8.2

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20202599-1/
Link for SUSE-SU-2020:2599-1
https://lists.suse.com/pipermail/sle-security-updates/2020-September/007399.html
E-Mail link for SUSE-SU-2020:2599-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1172004
SUSE Bug 1172004
https://www.suse.com/security/cve/CVE-2020-12693/
SUSE CVE CVE-2020-12693 page

Описание

Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15-ESPOS:libpmi0_18_08-18.08.9-1.8.2

SUSE Linux Enterprise High Performance Computing 15-ESPOS:libslurm33-18.08.9-1.8.2

SUSE Linux Enterprise High Performance Computing 15-ESPOS:perl-slurm_18_08-18.08.9-1.8.2

SUSE Linux Enterprise High Performance Computing 15-ESPOS:slurm_18_08-18.08.9-1.8.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-12693.html
CVE-2020-12693
https://bugzilla.suse.com/1172004
SUSE Bug 1172004
https://bugzilla.suse.com/1173804
SUSE Bug 1173804

SUSE-SU-2020:2599-1

Описание

Список пакетов

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

Ссылки

Уязвимость: CVE-2020-12693

Описание

Затронутые продукты

Ссылки