Security update for slurm SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1955-1 Final 1 1 2018-07-13T18:16:03Z current 2018-07-13T18:16:03Z 2018-07-13T18:16:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for slurm This update for slurm to version 17.11.7 fixes the following issues: This security issue was fixed: - CVE-2018-10995: Ensure correct handling of user names and group ids (bsc#1095508). These non-security issues were fixed: - CRAY - Add slurmsmwd to the contribs/cray dir - PMIX - Added the direct connect authentication. - Prevent the backup slurmctld from losing the active/available node features list on takeover. - Be able to force power_down of cloud node even if in power_save state. - Allow cloud nodes to be recognized in Slurm when booted out of band. - Notify srun and ctld when unkillable stepd exits. - Fixes daemoniziation in newly introduced slurmsmwd daemon. The following tracked packaging changes are included: - avoid postun error in libpmi0 (bsc#1100850) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00016.html E-Mail link for openSUSE-SU-2018:1955-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 libpmi0-17.11.7-lp150.5.7.1 libslurm32-17.11.7-lp150.5.7.1 perl-slurm-17.11.7-lp150.5.7.1 slurm-17.11.7-lp150.5.7.1 slurm-auth-none-17.11.7-lp150.5.7.1 slurm-config-17.11.7-lp150.5.7.1 slurm-devel-17.11.7-lp150.5.7.1 slurm-doc-17.11.7-lp150.5.7.1 slurm-lua-17.11.7-lp150.5.7.1 slurm-munge-17.11.7-lp150.5.7.1 slurm-node-17.11.7-lp150.5.7.1 slurm-openlava-17.11.7-lp150.5.7.1 slurm-pam_slurm-17.11.7-lp150.5.7.1 slurm-plugins-17.11.7-lp150.5.7.1 slurm-seff-17.11.7-lp150.5.7.1 slurm-sjstat-17.11.7-lp150.5.7.1 slurm-slurmdbd-17.11.7-lp150.5.7.1 slurm-sql-17.11.7-lp150.5.7.1 slurm-sview-17.11.7-lp150.5.7.1 slurm-torque-17.11.7-lp150.5.7.1 libpmi0-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 libslurm32-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 perl-slurm-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-auth-none-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-config-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-devel-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-doc-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-lua-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-munge-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-node-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-openlava-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-pam_slurm-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-plugins-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-seff-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-sjstat-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-slurmdbd-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-sql-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-sview-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 slurm-torque-17.11.7-lp150.5.7.1 as a component of openSUSE Leap 15.0 SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). CVE-2018-10995 openSUSE Leap 15.0:libpmi0-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:libslurm32-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:perl-slurm-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-auth-none-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-config-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-devel-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-doc-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-lua-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-munge-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-node-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-openlava-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-pam_slurm-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-plugins-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-seff-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-sjstat-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-slurmdbd-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-sql-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-sview-17.11.7-lp150.5.7.1 openSUSE Leap 15.0:slurm-torque-17.11.7-lp150.5.7.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00016.html https://www.suse.com/security/cve/CVE-2018-10995.html CVE-2018-10995 https://bugzilla.suse.com/1095508 SUSE Bug 1095508