File _patchinfo of Package patchinfo.18010
<patchinfo incident="18010">
<issue tracker="jsc" id="ECO-2412">Update SLURM to 20.11</issue>
<issue tracker="cve" id="2017-15566"/>
<issue tracker="cve" id="2019-19728"/>
<issue tracker="cve" id="2019-19727"/>
<issue tracker="cve" id="2020-27746"/>
<issue tracker="cve" id="2018-10995"/>
<issue tracker="cve" id="2016-10030"/>
<issue tracker="cve" id="2018-7033"/>
<issue tracker="cve" id="2019-12838"/>
<issue tracker="cve" id="2020-27745"/>
<issue tracker="cve" id="2020-12693"/>
<issue tracker="cve" id="2019-6438"/>
<issue tracker="bnc" id="1178891">VUL-1: CVE-2020-27746: slurm,slurm_18_08,slurm_20_02,slurmlibs: potential leak of the magic cookie when sent as an argument to the xauth command</issue>
<issue tracker="bnc" id="1140709">VUL-0: CVE-2019-12838: slurm: 19.05.1 and 18.08.8 release</issue>
<issue tracker="bnc" id="1159692">VUL-0: CVE-2019-19728: slurm: [HPC,SLURM,CVE-2019-19728] Due to Race srun may run as User root</issue>
<issue tracker="bnc" id="1172004">VUL-0: CVE-2020-12693: slurm: Authentication Bypass via an Alternate Path or Channel when Message Aggregation is enabled</issue>
<issue tracker="bnc" id="1085240">VUL-0: CVE-2018-7033: slurm: security release 17.02.10, and 17.11.5</issue>
<issue tracker="bnc" id="1065697">VUL-0: CVE-2017-15566: slurm problem</issue>
<issue tracker="bnc" id="1123304">VUL-1: CVE-2019-6438: slurm: 18.08.5 and 17.11.13</issue>
<issue tracker="bnc" id="1155784">VUL-0: CVE-2019-19727: slurm: slurmdbd: slurmdbd.conf has an insecure Permission by default</issue>
<issue tracker="bnc" id="1095508">VUL-0: CVE-2018-10995: slurm: Insecure handling of username and gid fields</issue>
<issue tracker="bnc" id="1018371">VUL-0: CVE-2016-10030: slurm: prolog failure vulnerability</issue>
<issue tracker="bnc" id="1178890">VUL-0: CVE-2020-27745: slurm,slurmlibs,slurm_18_08,slurm_20_02: potential buffer overflows from use of unpackmem()</issue>
<rating>important</rating>
<category>security</category>
<summary>Security update for slurm_20_11 and pdsh</summary>
<packager>eeich</packager>
<description>This update for pdsh fixes the following issues:
- Preparing pdsh for Slurm 20.11 (jsc#ECO-2412)
- Simplify convoluted condition.
This update for slurm fixes the following issues:
- Fix potential buffer overflows from use of unpackmem(). CVE-2020-27745 (bsc#1178890)
- Fix potential leak of the magic cookie when sent as an argument to the xauth command. CVE-2020-27746 (bsc#1178891)
- Add support for openPMIx also for Leap/SLE 15.0/1 (bsc#1173805).
- Updated to 20.02.3 which fixes CVE-2020-12693 (bsc#1172004).
- slurm-plugins will now also require pmix not only libpmix (bsc#1164326)
- pmix searches now also for libpmix.so.2 so that there is no dependency for devel package (bsc#1164386)
- Update to version 20.02.0 (jsc#SLE-8491)
- standard slurm.conf uses now also SlurmctldHost on all build targets (bsc#1162377)
- start slurmdbd after mariadb (bsc#1161716)
- Update to version 19.05.5 (jsc#SLE-8491)
- Includes security fixes CVE-2019-19727, CVE-2019-19728, CVE-2019-12838.
- Update to v18.08.9 for fixing CVE-2019-19728 (bsc#1159692).
- Install slurmdbd.conf.example with 0600 permissions to encourage secure use. CVE-2019-19727.
- srun - do not continue with job launch if --uid fails. CVE-2019-19728
- added pmix support jsc#SLE-10800
- Fix ownership of /var/spool/slurm on new installations and upgrade (bsc#1158696).
- Fix permissions of slurmdbd.conf (bsc#1155784, CVE-2019-19727).
- Fix %posttrans macro _res_update to cope with added newline (bsc#1153259).
- Move srun from 'slurm' to 'slurm-node': srun is required on the nodes as well so sbatch will work. 'slurm-node' is a requirement when 'slurm' is installed (bsc#1153095).
- Updated to 18.08.8 for fixing (CVE-2019-12838, bsc#1140709, jsc#SLE-7341, jsc#SLE-7342)
- Add mitigation for a potential heap overflow on 32-bit systems in xmalloc. (CVE-2019-6438, bsc#1123304)
- Fix fallout from 750cc23ed for CVE-2019-6438.
- Added backported patches which harden the pam module pam_slurm_adopt. (BOO#1116758)
- Moved config man pages to a separate package: This way, they won't get installed on compute nodes.
- added correct link flags for perl bindings (bsc#1108671)
- This fixes issues with failing slurm user creation when installed during initial system installation. (bsc#1109373)
- Add 'remote-fs.target' to the 'After=' directive in slurmctld.service (bsc#1103561).
- Fix race in the slurmctld backup controller which prevents it from properly cleaning up allocations on nodes after failing over (bsc#1084917).
- Handled %license in a backward compatible manner.
- Add a 'Recommends: slurm-munge' to slurm-slurmdbd.
- Shield comments between script snippets to avoid them being interpreted as scripts (bsc#1100850).
- Fix security issue in handling of username and gid fields (CVE-2018-10995 and bsc#1095508)
- Avoid running pretrans scripts when running in an instsys. (bsc#1090292).
- Fix interaction with systemd: systemd expects that a daemonizing process doesn't go away until the PID file with the PID of the daemon has been written (bsc#1084125).
- Make sure systemd services get restarted only when all packages are in a consistent state, not in the middle of an 'update' transaction (bsc#1088693).
- fixed wrong log file location in slurmdbd.conf and fixed pid location for slurmdbd and made slurm-slurmdbd depend on slurm config which provides the dir /var/run/slurm (bsc#1086859).
- added comment for (bsc#1085606)
- Fix security issue in accounting_storage/mysql plugin by always escaping strings within the slurmdbd. CVE-2018-7033 (bsc#1085240).
- Update slurm to v17.11.5 (FATE#325451)
- moved config files to slurm-config package (FATE#324574).
- Updated to 17.02.9 to fix CVE-2017-15566 (bsc#1065697)
- Changed /var/run path for slurm daemons to /var/run/slurm (FATE#324026)
- Move wrapper script mpiexec provided by slurm-torque to mpiexec.slurm to avoid conflicts. This file is normally provided by the MPI implementation (bsc#1041706).
- Spec file: Replace "Requires : slurm-perlapi" by "Requires: perl-slurm = %{version}" (bsc#1031872)
- Required for FATE#316379.
</description>
</patchinfo>