Описание
Security update for slurm_20_02
This update for slurm_20_02 fixes the following issues:
- CVE-2022-31251: Fixed a potential security vulnerability in the test package (bsc#1201674).
- CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278).
- CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrary unix socket as root (bsc#1199279).
Bugfixes:
- Fixed qstat error message (torque wrapper) (bsc#1186646).
Список пакетов
SUSE Linux Enterprise Module for HPC 12
libnss_slurm2_20_02-20.02.7-3.14.1
libpmi0_20_02-20.02.7-3.14.1
libslurm35-20.02.7-3.14.1
perl-slurm_20_02-20.02.7-3.14.1
slurm_20_02-20.02.7-3.14.1
slurm_20_02-auth-none-20.02.7-3.14.1
slurm_20_02-config-20.02.7-3.14.1
slurm_20_02-config-man-20.02.7-3.14.1
slurm_20_02-devel-20.02.7-3.14.1
slurm_20_02-doc-20.02.7-3.14.1
slurm_20_02-lua-20.02.7-3.14.1
slurm_20_02-munge-20.02.7-3.14.1
slurm_20_02-node-20.02.7-3.14.1
slurm_20_02-pam_slurm-20.02.7-3.14.1
slurm_20_02-plugins-20.02.7-3.14.1
slurm_20_02-slurmdbd-20.02.7-3.14.1
slurm_20_02-sql-20.02.7-3.14.1
slurm_20_02-sview-20.02.7-3.14.1
slurm_20_02-torque-20.02.7-3.14.1
Ссылки
- Link for SUSE-SU-2022:3477-1
- E-Mail link for SUSE-SU-2022:3477-1
- SUSE Security Ratings
- SUSE Bug 1186646
- SUSE Bug 1199278
- SUSE Bug 1199279
- SUSE Bug 1201674
- SUSE CVE CVE-2022-29500 page
- SUSE CVE CVE-2022-29501 page
- SUSE CVE CVE-2022-31251 page
Описание
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
Затронутые продукты
SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_02-20.02.7-3.14.1
SUSE Linux Enterprise Module for HPC 12:libpmi0_20_02-20.02.7-3.14.1
SUSE Linux Enterprise Module for HPC 12:libslurm35-20.02.7-3.14.1
SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_02-20.02.7-3.14.1
Ссылки
- CVE-2022-29500
- SUSE Bug 1199278
Описание
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
Затронутые продукты
SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_02-20.02.7-3.14.1
SUSE Linux Enterprise Module for HPC 12:libpmi0_20_02-20.02.7-3.14.1
SUSE Linux Enterprise Module for HPC 12:libslurm35-20.02.7-3.14.1
SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_02-20.02.7-3.14.1
Ссылки
- CVE-2022-29501
- SUSE Bug 1199279
Описание
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.
Затронутые продукты
SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_02-20.02.7-3.14.1
SUSE Linux Enterprise Module for HPC 12:libpmi0_20_02-20.02.7-3.14.1
SUSE Linux Enterprise Module for HPC 12:libslurm35-20.02.7-3.14.1
SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_02-20.02.7-3.14.1
Ссылки
- CVE-2022-31251
- SUSE Bug 1201674