Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:0314-1

Опубликовано: 02 фев. 2024
Источник: suse-cvrf

Описание

Security update for slurm

This update for slurm fixes the following issues:

Security fixes:

  • CVE-2023-41914: Prevent filesystem race conditions that could let an attacker take control of an arbitrary file, or remove entire directories' contents. (bsc#1216207)
  • CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
  • CVE-2023-49936: Prevent NULL pointer dereference on size_valp overflow. (bsc#1218050)
  • CVE-2023-49937: Prevent double-xfree() on error in _unpack_node_reg_resp(). (bsc#1218051)
  • CVE-2023-49938: Prevent modified sbcast RPCs from opening a file with the wrong group permissions. (bsc#1218053)

Other fixes:

  • Add missing service file for slurmrestd (bsc#1217711).
  • Fix slurm upgrading to incompatible versions (bsc#1216869).

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libnss_slurm2-20.11.9-150400.3.3.1
libpmi0-20.11.9-150400.3.3.1
libslurm36-20.11.9-150400.3.3.1
perl-slurm-20.11.9-150400.3.3.1
slurm-20.11.9-150400.3.3.1
slurm-auth-none-20.11.9-150400.3.3.1
slurm-config-20.11.9-150400.3.3.1
slurm-config-man-20.11.9-150400.3.3.1
slurm-cray-20.11.9-150400.3.3.1
slurm-devel-20.11.9-150400.3.3.1
slurm-doc-20.11.9-150400.3.3.1
slurm-lua-20.11.9-150400.3.3.1
slurm-munge-20.11.9-150400.3.3.1
slurm-node-20.11.9-150400.3.3.1
slurm-pam_slurm-20.11.9-150400.3.3.1
slurm-plugins-20.11.9-150400.3.3.1
slurm-rest-20.11.9-150400.3.3.1
slurm-slurmdbd-20.11.9-150400.3.3.1
slurm-sql-20.11.9-150400.3.3.1
slurm-sview-20.11.9-150400.3.3.1
slurm-torque-20.11.9-150400.3.3.1
slurm-webdoc-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libnss_slurm2-20.11.9-150400.3.3.1
libpmi0-20.11.9-150400.3.3.1
libslurm36-20.11.9-150400.3.3.1
perl-slurm-20.11.9-150400.3.3.1
slurm-20.11.9-150400.3.3.1
slurm-auth-none-20.11.9-150400.3.3.1
slurm-config-20.11.9-150400.3.3.1
slurm-config-man-20.11.9-150400.3.3.1
slurm-cray-20.11.9-150400.3.3.1
slurm-devel-20.11.9-150400.3.3.1
slurm-doc-20.11.9-150400.3.3.1
slurm-lua-20.11.9-150400.3.3.1
slurm-munge-20.11.9-150400.3.3.1
slurm-node-20.11.9-150400.3.3.1
slurm-pam_slurm-20.11.9-150400.3.3.1
slurm-plugins-20.11.9-150400.3.3.1
slurm-rest-20.11.9-150400.3.3.1
slurm-slurmdbd-20.11.9-150400.3.3.1
slurm-sql-20.11.9-150400.3.3.1
slurm-sview-20.11.9-150400.3.3.1
slurm-torque-20.11.9-150400.3.3.1
slurm-webdoc-20.11.9-150400.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
libslurm36-20.11.9-150400.3.3.1

Ссылки

Описание

SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnss_slurm2-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpmi0-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libslurm36-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:perl-slurm-20.11.9-150400.3.3.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnss_slurm2-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpmi0-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libslurm36-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:perl-slurm-20.11.9-150400.3.3.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnss_slurm2-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpmi0-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libslurm36-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:perl-slurm-20.11.9-150400.3.3.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnss_slurm2-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpmi0-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libslurm36-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:perl-slurm-20.11.9-150400.3.3.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnss_slurm2-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpmi0-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libslurm36-20.11.9-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:perl-slurm-20.11.9-150400.3.3.1
Ссылки
Уязвимость SUSE-SU-2024:0314-1