Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:0309-1

Опубликовано: 02 фев. 2024
Источник: suse-cvrf

Описание

Security update for slurm_20_11

This update for slurm_20_11 fixes the following issues:

  • CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
  • CVE-2023-49936: Prevent NULL pointer dereference on size_valp overflow. (bsc#1218050)
  • CVE-2023-49937: Prevent double-xfree() on error in _unpack_node_reg_resp(). (bsc#1218051)
  • CVE-2023-49938: Prevent modified sbcast RPCs from opening a file with the wrong group permissions. (bsc#1218053)

Other fixes:

  • Add missing service file for slurmrestd (bsc#1217711).
  • Fix slurm upgrading to incompatible versions (bsc#1216869).

Список пакетов

SUSE Linux Enterprise Module for HPC 12
libnss_slurm2_20_11-20.11.9-3.19.1
libpmi0_20_11-20.11.9-3.19.1
libslurm36-20.11.9-3.19.1
perl-slurm_20_11-20.11.9-3.19.1
slurm_20_11-20.11.9-3.19.1
slurm_20_11-auth-none-20.11.9-3.19.1
slurm_20_11-config-20.11.9-3.19.1
slurm_20_11-config-man-20.11.9-3.19.1
slurm_20_11-devel-20.11.9-3.19.1
slurm_20_11-doc-20.11.9-3.19.1
slurm_20_11-lua-20.11.9-3.19.1
slurm_20_11-munge-20.11.9-3.19.1
slurm_20_11-node-20.11.9-3.19.1
slurm_20_11-pam_slurm-20.11.9-3.19.1
slurm_20_11-plugins-20.11.9-3.19.1
slurm_20_11-slurmdbd-20.11.9-3.19.1
slurm_20_11-sql-20.11.9-3.19.1
slurm_20_11-sview-20.11.9-3.19.1
slurm_20_11-torque-20.11.9-3.19.1
slurm_20_11-webdoc-20.11.9-3.19.1

Ссылки

Описание

SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.

Затронутые продукты
SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_11-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:libpmi0_20_11-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:libslurm36-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_11-20.11.9-3.19.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_11-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:libpmi0_20_11-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:libslurm36-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_11-20.11.9-3.19.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_11-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:libpmi0_20_11-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:libslurm36-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_11-20.11.9-3.19.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_11-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:libpmi0_20_11-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:libslurm36-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_11-20.11.9-3.19.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.

Затронутые продукты
SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_11-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:libpmi0_20_11-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:libslurm36-20.11.9-3.19.1
SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_11-20.11.9-3.19.1
Ссылки
Уязвимость SUSE-SU-2024:0309-1