SUSE-SU-2024:0315-1

Опубликовано: 02 фев. 2024

Источник: suse-cvrf

Описание

Security update for slurm

This update for slurm fixes the following issues:

CVE-2023-49933: Fixed a message extension attack that could bypass the message hash (bsc#1218046).
CVE-2023-49936: Fixed a NULL pointer dereference (bsc#1218050).
CVE-2023-49937: Fixed a double free that could lead to denial of service or code execution (bsc#1218051).
CVE-2023-49938: Fixed an incorrect access control issue that could allow an attacker to modify their extended group list (bsc#1218053).

Список пакетов

SUSE Linux Enterprise Module for HPC 12

libpmi0-17.02.11-6.59.1

libslurm31-17.02.11-6.59.1

perl-slurm-17.02.11-6.59.1

slurm-17.02.11-6.59.1

slurm-auth-none-17.02.11-6.59.1

slurm-config-17.02.11-6.59.1

slurm-devel-17.02.11-6.59.1

slurm-doc-17.02.11-6.59.1

slurm-lua-17.02.11-6.59.1

slurm-munge-17.02.11-6.59.1

slurm-pam_slurm-17.02.11-6.59.1

slurm-plugins-17.02.11-6.59.1

slurm-sched-wiki-17.02.11-6.59.1

slurm-slurmdb-direct-17.02.11-6.59.1

slurm-slurmdbd-17.02.11-6.59.1

slurm-sql-17.02.11-6.59.1

slurm-torque-17.02.11-6.59.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240315-1/
Link for SUSE-SU-2024:0315-1
https://lists.suse.com/pipermail/sle-security-updates/2024-February/017850.html
E-Mail link for SUSE-SU-2024:0315-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1218046
SUSE Bug 1218046
https://bugzilla.suse.com/1218050
SUSE Bug 1218050
https://bugzilla.suse.com/1218051
SUSE Bug 1218051
https://bugzilla.suse.com/1218053
SUSE Bug 1218053
https://www.suse.com/security/cve/CVE-2023-49933/
SUSE CVE CVE-2023-49933 page
https://www.suse.com/security/cve/CVE-2023-49936/
SUSE CVE CVE-2023-49936 page
https://www.suse.com/security/cve/CVE-2023-49937/
SUSE CVE CVE-2023-49937 page
https://www.suse.com/security/cve/CVE-2023-49938/
SUSE CVE CVE-2023-49938 page

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты

SUSE Linux Enterprise Module for HPC 12:libpmi0-17.02.11-6.59.1

SUSE Linux Enterprise Module for HPC 12:libslurm31-17.02.11-6.59.1

SUSE Linux Enterprise Module for HPC 12:perl-slurm-17.02.11-6.59.1

SUSE Linux Enterprise Module for HPC 12:slurm-17.02.11-6.59.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-49933.html
CVE-2023-49933
https://bugzilla.suse.com/1218046
SUSE Bug 1218046

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты

SUSE Linux Enterprise Module for HPC 12:libpmi0-17.02.11-6.59.1

SUSE Linux Enterprise Module for HPC 12:libslurm31-17.02.11-6.59.1

SUSE Linux Enterprise Module for HPC 12:perl-slurm-17.02.11-6.59.1

SUSE Linux Enterprise Module for HPC 12:slurm-17.02.11-6.59.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-49936.html
CVE-2023-49936
https://bugzilla.suse.com/1218050
SUSE Bug 1218050

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты

SUSE Linux Enterprise Module for HPC 12:libpmi0-17.02.11-6.59.1

SUSE Linux Enterprise Module for HPC 12:libslurm31-17.02.11-6.59.1

SUSE Linux Enterprise Module for HPC 12:perl-slurm-17.02.11-6.59.1

SUSE Linux Enterprise Module for HPC 12:slurm-17.02.11-6.59.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-49937.html
CVE-2023-49937
https://bugzilla.suse.com/1218051
SUSE Bug 1218051

Описание

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.

Затронутые продукты

SUSE Linux Enterprise Module for HPC 12:libpmi0-17.02.11-6.59.1

SUSE Linux Enterprise Module for HPC 12:libslurm31-17.02.11-6.59.1

SUSE Linux Enterprise Module for HPC 12:perl-slurm-17.02.11-6.59.1

SUSE Linux Enterprise Module for HPC 12:slurm-17.02.11-6.59.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-49938.html
CVE-2023-49938
https://bugzilla.suse.com/1218053
SUSE Bug 1218053

SUSE-SU-2024:0315-1

Описание

Список пакетов

SUSE Linux Enterprise Module for HPC 12

Ссылки

Уязвимость: CVE-2023-49933

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-49936

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-49937

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-49938

Описание

Затронутые продукты

Ссылки