Security update for slurm SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0821-1 Final 1 1 2021-06-01T15:52:14Z current 2021-06-01T15:52:14Z 2021-06-01T15:52:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for slurm This update for slurm fixes the following issues: - CVE-2021-31215: Fixed a environment mishandling that allowed remote code execution as SlurmUser (bsc#1186024). This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-821 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KQZ3XESX2ESDFJO4Y7ZLU4AIJYQKBO4W/ E-Mail link for openSUSE-SU-2021:0821-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1186024 SUSE Bug 1186024 https://www.suse.com/security/cve/CVE-2021-31215/ SUSE CVE CVE-2021-31215 page openSUSE Leap 15.2 libnss_slurm2-20.02.7-lp152.2.6.1 libpmi0-20.02.7-lp152.2.6.1 libslurm35-20.02.7-lp152.2.6.1 perl-slurm-20.02.7-lp152.2.6.1 slurm-20.02.7-lp152.2.6.1 slurm-auth-none-20.02.7-lp152.2.6.1 slurm-config-20.02.7-lp152.2.6.1 slurm-config-man-20.02.7-lp152.2.6.1 slurm-cray-20.02.7-lp152.2.6.1 slurm-devel-20.02.7-lp152.2.6.1 slurm-doc-20.02.7-lp152.2.6.1 slurm-hdf5-20.02.7-lp152.2.6.1 slurm-lua-20.02.7-lp152.2.6.1 slurm-munge-20.02.7-lp152.2.6.1 slurm-node-20.02.7-lp152.2.6.1 slurm-openlava-20.02.7-lp152.2.6.1 slurm-pam_slurm-20.02.7-lp152.2.6.1 slurm-plugins-20.02.7-lp152.2.6.1 slurm-rest-20.02.7-lp152.2.6.1 slurm-seff-20.02.7-lp152.2.6.1 slurm-sjstat-20.02.7-lp152.2.6.1 slurm-slurmdbd-20.02.7-lp152.2.6.1 slurm-sql-20.02.7-lp152.2.6.1 slurm-sview-20.02.7-lp152.2.6.1 slurm-torque-20.02.7-lp152.2.6.1 slurm-webdoc-20.02.7-lp152.2.6.1 libnss_slurm2-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 libpmi0-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 libslurm35-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 perl-slurm-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-auth-none-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-config-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-config-man-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-cray-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-devel-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-doc-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-hdf5-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-lua-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-munge-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-node-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-openlava-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-pam_slurm-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-plugins-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-rest-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-seff-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-sjstat-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-slurmdbd-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-sql-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-sview-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-torque-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 slurm-webdoc-20.02.7-lp152.2.6.1 as a component of openSUSE Leap 15.2 SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. CVE-2021-31215 openSUSE Leap 15.2:libnss_slurm2-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:libpmi0-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:libslurm35-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:perl-slurm-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-auth-none-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-config-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-config-man-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-cray-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-devel-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-doc-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-hdf5-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-lua-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-munge-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-node-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-openlava-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-pam_slurm-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-plugins-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-rest-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-seff-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-sjstat-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-slurmdbd-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-sql-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-sview-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-torque-20.02.7-lp152.2.6.1 openSUSE Leap 15.2:slurm-webdoc-20.02.7-lp152.2.6.1 important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KQZ3XESX2ESDFJO4Y7ZLU4AIJYQKBO4W/ https://www.suse.com/security/cve/CVE-2021-31215.html CVE-2021-31215 https://bugzilla.suse.com/1186024 SUSE Bug 1186024