Security update for slurm SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0085-1 Final 1 1 2020-01-21T11:13:52Z current 2020-01-21T11:13:52Z 2020-01-21T11:13:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for slurm This update for slurm to version 18.08.9 fixes the following issues: Security issues fixed: - CVE-2019-19728: Fixed a privilege escalation with srun, where --uid might have unintended side effects (bsc#1159692). - CVE-2019-12838: Fixed SchedMD Slurm SQL Injection issue (bnc#1140709). - CVE-2019-19727: Fixed permissions of slurmdbd.conf (bsc#1155784). Bug fixes: - Fix ownership of /var/spool/slurm on new installations and upgrade (bsc#1158696). - Fix %posttrans macro _res_update to cope with added newline (bsc#1153259). - Move srun from 'slurm' to 'slurm-node': srun is required on the nodes as well so sbatch will work. 'slurm-node' is a requirement when 'slurm' is installed (bsc#1153095). This update was imported from the SUSE:SLE-15-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-85 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JWDCJIOVPR5P4ISSFNSYPNTNT3TDAMI4/ E-Mail link for openSUSE-SU-2020:0085-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1140709 SUSE Bug 1140709 https://bugzilla.suse.com/1153095 SUSE Bug 1153095 https://bugzilla.suse.com/1153259 SUSE Bug 1153259 https://bugzilla.suse.com/1155784 SUSE Bug 1155784 https://bugzilla.suse.com/1158696 SUSE Bug 1158696 https://bugzilla.suse.com/1159692 SUSE Bug 1159692 https://www.suse.com/security/cve/CVE-2019-12838/ SUSE CVE CVE-2019-12838 page https://www.suse.com/security/cve/CVE-2019-19727/ SUSE CVE CVE-2019-19727 page https://www.suse.com/security/cve/CVE-2019-19728/ SUSE CVE CVE-2019-19728 page openSUSE Leap 15.1 libpmi0-18.08.9-lp151.2.6.1 libslurm33-18.08.9-lp151.2.6.1 perl-slurm-18.08.9-lp151.2.6.1 slurm-18.08.9-lp151.2.6.1 slurm-auth-none-18.08.9-lp151.2.6.1 slurm-config-18.08.9-lp151.2.6.1 slurm-config-man-18.08.9-lp151.2.6.1 slurm-cray-18.08.9-lp151.2.6.1 slurm-devel-18.08.9-lp151.2.6.1 slurm-doc-18.08.9-lp151.2.6.1 slurm-hdf5-18.08.9-lp151.2.6.1 slurm-lua-18.08.9-lp151.2.6.1 slurm-munge-18.08.9-lp151.2.6.1 slurm-node-18.08.9-lp151.2.6.1 slurm-openlava-18.08.9-lp151.2.6.1 slurm-pam_slurm-18.08.9-lp151.2.6.1 slurm-plugins-18.08.9-lp151.2.6.1 slurm-seff-18.08.9-lp151.2.6.1 slurm-sjstat-18.08.9-lp151.2.6.1 slurm-slurmdbd-18.08.9-lp151.2.6.1 slurm-sql-18.08.9-lp151.2.6.1 slurm-sview-18.08.9-lp151.2.6.1 slurm-torque-18.08.9-lp151.2.6.1 slurm-webdoc-18.08.9-lp151.2.6.1 libpmi0-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 libslurm33-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 perl-slurm-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-auth-none-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-config-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-config-man-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-cray-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-devel-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-doc-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-hdf5-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-lua-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-munge-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-node-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-openlava-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-pam_slurm-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-plugins-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-seff-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-sjstat-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-slurmdbd-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-sql-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-sview-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-torque-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 slurm-webdoc-18.08.9-lp151.2.6.1 as a component of openSUSE Leap 15.1 SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. CVE-2019-12838 openSUSE Leap 15.1:libpmi0-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:libslurm33-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:perl-slurm-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-auth-none-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-config-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-config-man-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-cray-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-devel-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-doc-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-hdf5-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-lua-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-munge-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-node-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-openlava-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-pam_slurm-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-plugins-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-seff-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-sjstat-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-slurmdbd-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-sql-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-sview-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-torque-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-webdoc-18.08.9-lp151.2.6.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JWDCJIOVPR5P4ISSFNSYPNTNT3TDAMI4/ https://www.suse.com/security/cve/CVE-2019-12838.html CVE-2019-12838 https://bugzilla.suse.com/1140709 SUSE Bug 1140709 SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. CVE-2019-19727 openSUSE Leap 15.1:libpmi0-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:libslurm33-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:perl-slurm-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-auth-none-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-config-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-config-man-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-cray-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-devel-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-doc-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-hdf5-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-lua-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-munge-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-node-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-openlava-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-pam_slurm-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-plugins-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-seff-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-sjstat-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-slurmdbd-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-sql-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-sview-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-torque-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-webdoc-18.08.9-lp151.2.6.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JWDCJIOVPR5P4ISSFNSYPNTNT3TDAMI4/ https://www.suse.com/security/cve/CVE-2019-19727.html CVE-2019-19727 https://bugzilla.suse.com/1155784 SUSE Bug 1155784 SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. CVE-2019-19728 openSUSE Leap 15.1:libpmi0-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:libslurm33-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:perl-slurm-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-auth-none-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-config-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-config-man-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-cray-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-devel-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-doc-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-hdf5-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-lua-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-munge-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-node-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-openlava-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-pam_slurm-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-plugins-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-seff-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-sjstat-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-slurmdbd-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-sql-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-sview-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-torque-18.08.9-lp151.2.6.1 openSUSE Leap 15.1:slurm-webdoc-18.08.9-lp151.2.6.1 moderate 6 AV:N/AC:M/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JWDCJIOVPR5P4ISSFNSYPNTNT3TDAMI4/ https://www.suse.com/security/cve/CVE-2019-19728.html CVE-2019-19728 https://bugzilla.suse.com/1155784 SUSE Bug 1155784 https://bugzilla.suse.com/1159692 SUSE Bug 1159692