SUSE-SU-2024:0287-1

Опубликовано: 31 янв. 2024

Источник: suse-cvrf

Описание

Security update for slurm

This update for slurm fixes the following issues:

Security fixes:

CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
CVE-2023-49936: Prevent NULL pointer dereference on size_valp overflow. (bsc#1218050)
CVE-2023-49937: Prevent double-xfree() on error in _unpack_node_reg_resp(). (bsc#1218051)
CVE-2023-49938: Prevent modified sbcast RPCs from opening a file with the wrong group permissions. (bsc#1218053)

Other fixes:

Fix slurm upgrading to incompatible versions (bsc#1216869).

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

libnss_slurm2-20.02.7-150200.3.20.1

libpmi0-20.02.7-150200.3.20.1

libslurm35-20.02.7-150200.3.20.1

perl-slurm-20.02.7-150200.3.20.1

slurm-20.02.7-150200.3.20.1

slurm-auth-none-20.02.7-150200.3.20.1

slurm-config-20.02.7-150200.3.20.1

slurm-config-man-20.02.7-150200.3.20.1

slurm-devel-20.02.7-150200.3.20.1

slurm-doc-20.02.7-150200.3.20.1

slurm-lua-20.02.7-150200.3.20.1

slurm-munge-20.02.7-150200.3.20.1

slurm-node-20.02.7-150200.3.20.1

slurm-pam_slurm-20.02.7-150200.3.20.1

slurm-plugins-20.02.7-150200.3.20.1

slurm-slurmdbd-20.02.7-150200.3.20.1

slurm-sql-20.02.7-150200.3.20.1

slurm-sview-20.02.7-150200.3.20.1

slurm-torque-20.02.7-150200.3.20.1

slurm-webdoc-20.02.7-150200.3.20.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240287-1/
Link for SUSE-SU-2024:0287-1
https://lists.suse.com/pipermail/sle-security-updates/2024-January/017826.html
E-Mail link for SUSE-SU-2024:0287-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1216869
SUSE Bug 1216869
https://bugzilla.suse.com/1218046
SUSE Bug 1218046
https://bugzilla.suse.com/1218050
SUSE Bug 1218050
https://bugzilla.suse.com/1218051
SUSE Bug 1218051
https://bugzilla.suse.com/1218053
SUSE Bug 1218053
https://www.suse.com/security/cve/CVE-2023-49933/
SUSE CVE CVE-2023-49933 page
https://www.suse.com/security/cve/CVE-2023-49936/
SUSE CVE CVE-2023-49936 page
https://www.suse.com/security/cve/CVE-2023-49937/
SUSE CVE CVE-2023-49937 page
https://www.suse.com/security/cve/CVE-2023-49938/
SUSE CVE CVE-2023-49938 page

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libnss_slurm2-20.02.7-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpmi0-20.02.7-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libslurm35-20.02.7-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:perl-slurm-20.02.7-150200.3.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-49933.html
CVE-2023-49933
https://bugzilla.suse.com/1218046
SUSE Bug 1218046

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libnss_slurm2-20.02.7-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpmi0-20.02.7-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libslurm35-20.02.7-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:perl-slurm-20.02.7-150200.3.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-49936.html
CVE-2023-49936
https://bugzilla.suse.com/1218050
SUSE Bug 1218050

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libnss_slurm2-20.02.7-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpmi0-20.02.7-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libslurm35-20.02.7-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:perl-slurm-20.02.7-150200.3.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-49937.html
CVE-2023-49937
https://bugzilla.suse.com/1218051
SUSE Bug 1218051

Описание

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libnss_slurm2-20.02.7-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpmi0-20.02.7-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libslurm35-20.02.7-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:perl-slurm-20.02.7-150200.3.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-49938.html
CVE-2023-49938
https://bugzilla.suse.com/1218053
SUSE Bug 1218053

SUSE-SU-2024:0287-1

Описание

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

Ссылки

Уязвимость: CVE-2023-49933

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-49936

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-49937

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-49938

Описание

Затронутые продукты

Ссылки