SUSE-SU-2020:2602-1

Опубликовано: 10 сент. 2020

Источник: suse-cvrf

Описание

Security update for slurm

This update for slurm fixes the following issues:

Fix Authentication Bypass when Message Aggregation is enabled CVE-2020-12693 This fixes and issue where authentication could be bypassed via an alternate path or channel when message Aggregation was enabled. A race condition allowed a user to launch a process as an arbitrary user. Add: Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-12693.patch (CVE-2020-12693, bsc#1172004).
Remove unneeded build dependency to postgresql-devel.

Список пакетов

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libpmi0-17.11.13-6.31.1

libslurm32-17.11.13-6.31.1

perl-slurm-17.11.13-6.31.1

slurm-17.11.13-6.31.1

slurm-auth-none-17.11.13-6.31.1

slurm-config-17.11.13-6.31.1

slurm-devel-17.11.13-6.31.1

slurm-doc-17.11.13-6.31.1

slurm-lua-17.11.13-6.31.1

slurm-munge-17.11.13-6.31.1

slurm-node-17.11.13-6.31.1

slurm-pam_slurm-17.11.13-6.31.1

slurm-plugins-17.11.13-6.31.1

slurm-slurmdbd-17.11.13-6.31.1

slurm-sql-17.11.13-6.31.1

slurm-torque-17.11.13-6.31.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

libpmi0-17.11.13-6.31.1

libslurm32-17.11.13-6.31.1

perl-slurm-17.11.13-6.31.1

slurm-17.11.13-6.31.1

slurm-auth-none-17.11.13-6.31.1

slurm-config-17.11.13-6.31.1

slurm-devel-17.11.13-6.31.1

slurm-doc-17.11.13-6.31.1

slurm-lua-17.11.13-6.31.1

slurm-munge-17.11.13-6.31.1

slurm-node-17.11.13-6.31.1

slurm-pam_slurm-17.11.13-6.31.1

slurm-plugins-17.11.13-6.31.1

slurm-slurmdbd-17.11.13-6.31.1

slurm-sql-17.11.13-6.31.1

slurm-torque-17.11.13-6.31.1

SUSE Linux Enterprise Module for HPC 15 SP1

libslurm32-17.11.13-6.31.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20202602-1/
Link for SUSE-SU-2020:2602-1
https://lists.suse.com/pipermail/sle-security-updates/2020-September/007403.html
E-Mail link for SUSE-SU-2020:2602-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1172004
SUSE Bug 1172004
https://www.suse.com/security/cve/CVE-2019-19727/
SUSE CVE CVE-2019-19727 page
https://www.suse.com/security/cve/CVE-2020-12693/
SUSE CVE CVE-2020-12693 page

Описание

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15-ESPOS:libpmi0-17.11.13-6.31.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS:libslurm32-17.11.13-6.31.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS:perl-slurm-17.11.13-6.31.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS:slurm-17.11.13-6.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-19727.html
CVE-2019-19727
https://bugzilla.suse.com/1155784
SUSE Bug 1155784

Описание

Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15-ESPOS:libpmi0-17.11.13-6.31.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS:libslurm32-17.11.13-6.31.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS:perl-slurm-17.11.13-6.31.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS:slurm-17.11.13-6.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-12693.html
CVE-2020-12693
https://bugzilla.suse.com/1172004
SUSE Bug 1172004
https://bugzilla.suse.com/1173804
SUSE Bug 1173804

SUSE-SU-2020:2602-1

Описание

Список пакетов

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Module for HPC 15 SP1

Ссылки

Уязвимость: CVE-2019-19727

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-12693

Описание

Затронутые продукты

Ссылки