File _patchinfo of Package patchinfo.13564

<patchinfo incident="13564">
  <issue tracker="bnc" id="1155784">VUL-0: EMBARGOED: CVE-2019-19727: slurm: slurmdbd: slurmdbd.conf has an insecure Permission by default</issue>
  <issue tracker="bnc" id="1153095">[SLURM] Due to the way we split the Packages srun is missing from the Compute Nodes</issue>
  <issue tracker="bnc" id="1140709">VUL-0: CVE-2019-12838: slurm: 19.05.1 and 18.08.8 release</issue>
  <issue tracker="bnc" id="1153259">slurm-slurmdbd postrans script fails</issue>
  <issue id="1158696" tracker="bnc">[HPC,SLURM] /var/spool/slurm has wrong ownership</issue>
  <issue tracker="bnc" id="1159692">VUL-0: CVE-2019-19728: slurm: [HPC,SLURM,CVE-2019-19728] Due to Race srun may run as User root</issue>
  <issue tracker="cve" id="2019-12838"/>
  <issue tracker="cve" id="2019-19728"/>
  <issue tracker="cve" id="2019-19727"/>
  <issue tracker="jsc" id="SLE-7342"/>
  <issue tracker="jsc" id="SLE-7341"/>
  <issue tracker="jsc" id="SLE-10800"/>
  <packager>eeich</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for slurm</summary>
  <description>This update for slurm to version 18.08.9 fixes the following issues:

Security issues fixed:

- CVE-2019-19728: Fixed a privilege escalation with srun, where --uid might have unintended side effects (bsc#1159692).
- CVE-2019-12838: Fixed SchedMD Slurm SQL Injection issue (bnc#1140709).
- CVE-2019-19727: Fixed permissions of slurmdbd.conf (bsc#1155784).
 
Bug fixes:

- Fix ownership of /var/spool/slurm on new installations and upgrade (bsc#1158696).
- Fix %posttrans macro _res_update to cope with added newline (bsc#1153259).
- Move srun from 'slurm' to 'slurm-node': srun is required on the nodes as well so sbatch will work. 'slurm-node' is a requirement when 'slurm' is installed (bsc#1153095).
</description>
</patchinfo>