Security update for slurm SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1264-1 Final 1 1 2019-04-24T09:59:44Z current 2019-04-24T09:59:44Z 2019-04-24T09:59:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for slurm This update for slurm to version 17.11.13 fixes the following issues: Security issue fixed: - CVE-2019-6438: Fixed a heap overflow on 32-bit systems in xmalloc (bsc#1123304). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1264 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H3RO3AIVMETQBPGLFZJAUYK5C2RABV44/#H3RO3AIVMETQBPGLFZJAUYK5C2RABV44 E-Mail link for openSUSE-SU-2019:1264-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1123304 SUSE Bug 1123304 https://www.suse.com/security/cve/CVE-2019-6438/ SUSE CVE CVE-2019-6438 page openSUSE Leap 15.0 libpmi0-17.11.13-lp150.5.20.1 libslurm32-17.11.13-lp150.5.20.1 perl-slurm-17.11.13-lp150.5.20.1 slurm-17.11.13-lp150.5.20.1 slurm-auth-none-17.11.13-lp150.5.20.1 slurm-config-17.11.13-lp150.5.20.1 slurm-devel-17.11.13-lp150.5.20.1 slurm-doc-17.11.13-lp150.5.20.1 slurm-lua-17.11.13-lp150.5.20.1 slurm-munge-17.11.13-lp150.5.20.1 slurm-node-17.11.13-lp150.5.20.1 slurm-openlava-17.11.13-lp150.5.20.1 slurm-pam_slurm-17.11.13-lp150.5.20.1 slurm-plugins-17.11.13-lp150.5.20.1 slurm-seff-17.11.13-lp150.5.20.1 slurm-sjstat-17.11.13-lp150.5.20.1 slurm-slurmdbd-17.11.13-lp150.5.20.1 slurm-sql-17.11.13-lp150.5.20.1 slurm-sview-17.11.13-lp150.5.20.1 slurm-torque-17.11.13-lp150.5.20.1 libpmi0-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 libslurm32-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 perl-slurm-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-auth-none-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-config-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-devel-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-doc-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-lua-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-munge-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-node-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-openlava-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-pam_slurm-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-plugins-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-seff-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-sjstat-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-slurmdbd-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-sql-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-sview-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 slurm-torque-17.11.13-lp150.5.20.1 as a component of openSUSE Leap 15.0 SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. CVE-2019-6438 openSUSE Leap 15.0:libpmi0-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:libslurm32-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:perl-slurm-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-auth-none-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-config-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-devel-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-doc-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-lua-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-munge-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-node-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-openlava-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-pam_slurm-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-plugins-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-seff-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-sjstat-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-slurmdbd-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-sql-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-sview-17.11.13-lp150.5.20.1 openSUSE Leap 15.0:slurm-torque-17.11.13-lp150.5.20.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H3RO3AIVMETQBPGLFZJAUYK5C2RABV44/#H3RO3AIVMETQBPGLFZJAUYK5C2RABV44 https://www.suse.com/security/cve/CVE-2019-6438.html CVE-2019-6438 https://bugzilla.suse.com/1123304 SUSE Bug 1123304