Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:0278-1

Опубликовано: 31 янв. 2024
Источник: suse-cvrf

Описание

Security update for slurm_20_02

This update for slurm_20_02 fixes the following issues:

Security fixes:

  • CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
  • CVE-2023-49936: Prevent NULL pointer dereference on size_valp overflow. (bsc#1218050)
  • CVE-2023-49937: Prevent double-xfree() on error in _unpack_node_reg_resp(). (bsc#1218051)
  • CVE-2023-49938: Prevent modified sbcast RPCs from opening a file with the wrong group permissions. (bsc#1218053)

Other fixes:

  • Fix slurm upgrading to incompatible versions (bsc#1216869).

Список пакетов

openSUSE Leap 15.5
libnss_slurm2_20_02-20.02.7-150100.3.30.1
libpmi0_20_02-20.02.7-150100.3.30.1
perl-slurm_20_02-20.02.7-150100.3.30.1
slurm_20_02-20.02.7-150100.3.30.1
slurm_20_02-auth-none-20.02.7-150100.3.30.1
slurm_20_02-config-20.02.7-150100.3.30.1
slurm_20_02-config-man-20.02.7-150100.3.30.1
slurm_20_02-cray-20.02.7-150100.3.30.1
slurm_20_02-devel-20.02.7-150100.3.30.1
slurm_20_02-doc-20.02.7-150100.3.30.1
slurm_20_02-hdf5-20.02.7-150100.3.30.1
slurm_20_02-lua-20.02.7-150100.3.30.1
slurm_20_02-munge-20.02.7-150100.3.30.1
slurm_20_02-node-20.02.7-150100.3.30.1
slurm_20_02-openlava-20.02.7-150100.3.30.1
slurm_20_02-pam_slurm-20.02.7-150100.3.30.1
slurm_20_02-plugins-20.02.7-150100.3.30.1
slurm_20_02-rest-20.02.7-150100.3.30.1
slurm_20_02-seff-20.02.7-150100.3.30.1
slurm_20_02-sjstat-20.02.7-150100.3.30.1
slurm_20_02-slurmdbd-20.02.7-150100.3.30.1
slurm_20_02-sql-20.02.7-150100.3.30.1
slurm_20_02-sview-20.02.7-150100.3.30.1
slurm_20_02-testsuite-20.02.7-150100.3.30.1
slurm_20_02-torque-20.02.7-150100.3.30.1
slurm_20_02-webdoc-20.02.7-150100.3.30.1

Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
openSUSE Leap 15.5:libnss_slurm2_20_02-20.02.7-150100.3.30.1
openSUSE Leap 15.5:libpmi0_20_02-20.02.7-150100.3.30.1
openSUSE Leap 15.5:perl-slurm_20_02-20.02.7-150100.3.30.1
openSUSE Leap 15.5:slurm_20_02-20.02.7-150100.3.30.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
openSUSE Leap 15.5:libnss_slurm2_20_02-20.02.7-150100.3.30.1
openSUSE Leap 15.5:libpmi0_20_02-20.02.7-150100.3.30.1
openSUSE Leap 15.5:perl-slurm_20_02-20.02.7-150100.3.30.1
openSUSE Leap 15.5:slurm_20_02-20.02.7-150100.3.30.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
openSUSE Leap 15.5:libnss_slurm2_20_02-20.02.7-150100.3.30.1
openSUSE Leap 15.5:libpmi0_20_02-20.02.7-150100.3.30.1
openSUSE Leap 15.5:perl-slurm_20_02-20.02.7-150100.3.30.1
openSUSE Leap 15.5:slurm_20_02-20.02.7-150100.3.30.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.

Затронутые продукты
openSUSE Leap 15.5:libnss_slurm2_20_02-20.02.7-150100.3.30.1
openSUSE Leap 15.5:libpmi0_20_02-20.02.7-150100.3.30.1
openSUSE Leap 15.5:perl-slurm_20_02-20.02.7-150100.3.30.1
openSUSE Leap 15.5:slurm_20_02-20.02.7-150100.3.30.1
Ссылки