Описание
Security update for slurm
This update for slurm to version 18.08.9 fixes the following issues:
Security issues fixed:
- CVE-2019-19728: Fixed a privilege escalation with srun, where --uid might have unintended side effects (bsc#1159692).
- CVE-2019-12838: Fixed SchedMD Slurm SQL Injection issue (bnc#1140709).
- CVE-2019-19727: Fixed permissions of slurmdbd.conf (bsc#1155784).
Bug fixes:
- Fix ownership of /var/spool/slurm on new installations and upgrade (bsc#1158696).
- Fix %posttrans macro _res_update to cope with added newline (bsc#1153259).
- Move srun from 'slurm' to 'slurm-node': srun is required on the nodes as well so sbatch will work. 'slurm-node' is a requirement when 'slurm' is installed (bsc#1153095).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Список пакетов
openSUSE Leap 15.1
libpmi0-18.08.9-lp151.2.6.1
libslurm33-18.08.9-lp151.2.6.1
perl-slurm-18.08.9-lp151.2.6.1
slurm-18.08.9-lp151.2.6.1
slurm-auth-none-18.08.9-lp151.2.6.1
slurm-config-18.08.9-lp151.2.6.1
slurm-config-man-18.08.9-lp151.2.6.1
slurm-cray-18.08.9-lp151.2.6.1
slurm-devel-18.08.9-lp151.2.6.1
slurm-doc-18.08.9-lp151.2.6.1
slurm-hdf5-18.08.9-lp151.2.6.1
slurm-lua-18.08.9-lp151.2.6.1
slurm-munge-18.08.9-lp151.2.6.1
slurm-node-18.08.9-lp151.2.6.1
slurm-openlava-18.08.9-lp151.2.6.1
slurm-pam_slurm-18.08.9-lp151.2.6.1
slurm-plugins-18.08.9-lp151.2.6.1
slurm-seff-18.08.9-lp151.2.6.1
slurm-sjstat-18.08.9-lp151.2.6.1
slurm-slurmdbd-18.08.9-lp151.2.6.1
slurm-sql-18.08.9-lp151.2.6.1
slurm-sview-18.08.9-lp151.2.6.1
slurm-torque-18.08.9-lp151.2.6.1
slurm-webdoc-18.08.9-lp151.2.6.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0085-1
- SUSE Security Ratings
- SUSE Bug 1140709
- SUSE Bug 1153095
- SUSE Bug 1153259
- SUSE Bug 1155784
- SUSE Bug 1158696
- SUSE Bug 1159692
- SUSE CVE CVE-2019-12838 page
- SUSE CVE CVE-2019-19727 page
- SUSE CVE CVE-2019-19728 page
Описание
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.
Затронутые продукты
openSUSE Leap 15.1:libpmi0-18.08.9-lp151.2.6.1
openSUSE Leap 15.1:libslurm33-18.08.9-lp151.2.6.1
openSUSE Leap 15.1:perl-slurm-18.08.9-lp151.2.6.1
openSUSE Leap 15.1:slurm-18.08.9-lp151.2.6.1
Ссылки
- CVE-2019-12838
- SUSE Bug 1140709
Описание
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.
Затронутые продукты
openSUSE Leap 15.1:libpmi0-18.08.9-lp151.2.6.1
openSUSE Leap 15.1:libslurm33-18.08.9-lp151.2.6.1
openSUSE Leap 15.1:perl-slurm-18.08.9-lp151.2.6.1
openSUSE Leap 15.1:slurm-18.08.9-lp151.2.6.1
Ссылки
- CVE-2019-19727
- SUSE Bug 1155784
Описание
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.
Затронутые продукты
openSUSE Leap 15.1:libpmi0-18.08.9-lp151.2.6.1
openSUSE Leap 15.1:libslurm33-18.08.9-lp151.2.6.1
openSUSE Leap 15.1:perl-slurm-18.08.9-lp151.2.6.1
openSUSE Leap 15.1:slurm-18.08.9-lp151.2.6.1
Ссылки
- CVE-2019-19728
- SUSE Bug 1155784
- SUSE Bug 1159692