Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:0310-1

Опубликовано: 02 фев. 2024
Источник: suse-cvrf

Описание

Security update for slurm_20_02

This update for slurm_20_02 fixes the following issues:

Security fixes:

  • CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
  • CVE-2023-49936: Prevent NULL pointer dereference on size_valp overflow. (bsc#1218050)
  • CVE-2023-49937: Prevent double-xfree() on error in _unpack_node_reg_resp(). (bsc#1218051)
  • CVE-2023-49938: Prevent modified sbcast RPCs from opening a file with the wrong group permissions. (bsc#1218053)

Other fixes:

  • Fix slurm upgrading to incompatible versions (bsc#1216869).

Список пакетов

SUSE Linux Enterprise Module for HPC 12
libnss_slurm2_20_02-20.02.7-3.20.1
libpmi0_20_02-20.02.7-3.20.1
libslurm35-20.02.7-3.20.1
perl-slurm_20_02-20.02.7-3.20.1
slurm_20_02-20.02.7-3.20.1
slurm_20_02-auth-none-20.02.7-3.20.1
slurm_20_02-config-20.02.7-3.20.1
slurm_20_02-config-man-20.02.7-3.20.1
slurm_20_02-devel-20.02.7-3.20.1
slurm_20_02-doc-20.02.7-3.20.1
slurm_20_02-lua-20.02.7-3.20.1
slurm_20_02-munge-20.02.7-3.20.1
slurm_20_02-node-20.02.7-3.20.1
slurm_20_02-pam_slurm-20.02.7-3.20.1
slurm_20_02-plugins-20.02.7-3.20.1
slurm_20_02-slurmdbd-20.02.7-3.20.1
slurm_20_02-sql-20.02.7-3.20.1
slurm_20_02-sview-20.02.7-3.20.1
slurm_20_02-torque-20.02.7-3.20.1

Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_02-20.02.7-3.20.1
SUSE Linux Enterprise Module for HPC 12:libpmi0_20_02-20.02.7-3.20.1
SUSE Linux Enterprise Module for HPC 12:libslurm35-20.02.7-3.20.1
SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_02-20.02.7-3.20.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_02-20.02.7-3.20.1
SUSE Linux Enterprise Module for HPC 12:libpmi0_20_02-20.02.7-3.20.1
SUSE Linux Enterprise Module for HPC 12:libslurm35-20.02.7-3.20.1
SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_02-20.02.7-3.20.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_02-20.02.7-3.20.1
SUSE Linux Enterprise Module for HPC 12:libpmi0_20_02-20.02.7-3.20.1
SUSE Linux Enterprise Module for HPC 12:libslurm35-20.02.7-3.20.1
SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_02-20.02.7-3.20.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.

Затронутые продукты
SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_02-20.02.7-3.20.1
SUSE Linux Enterprise Module for HPC 12:libpmi0_20_02-20.02.7-3.20.1
SUSE Linux Enterprise Module for HPC 12:libslurm35-20.02.7-3.20.1
SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_02-20.02.7-3.20.1
Ссылки
Уязвимость SUSE-SU-2024:0310-1