Security update for slurm SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:2989-1 Final 1 1 2019-11-15T13:10:55Z current 2019-11-15T13:10:55Z 2019-11-15T13:10:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for slurm This update for slurm fixes the following issues: Security issue fixed: - CVE-2019-12838: Fixed an SQL injection (bsc#1140709). Non-security issue fixed: - Added X11-forwarding (bsc#1153245). - Moved srun from 'slurm' to 'slurm-node': srun is required on the nodes as well so sbatch will work. 'slurm-node' is a requirement when 'slurm' is installed (bsc#1153095). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-2989,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2989,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2989,SUSE-SLE-Module-HPC-15-2019-2989,SUSE-SLE-Module-HPC-15-SP1-2019-2989 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20192989-1/ Link for SUSE-SU-2019:2989-1 https://lists.suse.com/pipermail/sle-security-updates/2019-November/006149.html E-Mail link for SUSE-SU-2019:2989-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1140709 SUSE Bug 1140709 https://bugzilla.suse.com/1153095 SUSE Bug 1153095 https://bugzilla.suse.com/1153245 SUSE Bug 1153245 https://www.suse.com/security/cve/CVE-2019-12838/ SUSE CVE CVE-2019-12838 page SUSE Linux Enterprise Module for HPC 15 SUSE Linux Enterprise Module for HPC 15 SP1 libpmi0-17.11.13-6.18.1 libslurm32-17.11.13-6.18.1 perl-slurm-17.11.13-6.18.1 slurm-17.11.13-6.18.1 slurm-auth-none-17.11.13-6.18.1 slurm-config-17.11.13-6.18.1 slurm-devel-17.11.13-6.18.1 slurm-doc-17.11.13-6.18.1 slurm-lua-17.11.13-6.18.1 slurm-munge-17.11.13-6.18.1 slurm-node-17.11.13-6.18.1 slurm-openlava-17.11.13-6.18.1 slurm-pam_slurm-17.11.13-6.18.1 slurm-plugins-17.11.13-6.18.1 slurm-seff-17.11.13-6.18.1 slurm-sjstat-17.11.13-6.18.1 slurm-slurmdbd-17.11.13-6.18.1 slurm-sql-17.11.13-6.18.1 slurm-sview-17.11.13-6.18.1 slurm-torque-17.11.13-6.18.1 libpmi0-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 libslurm32-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 perl-slurm-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-auth-none-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-config-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-devel-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-doc-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-lua-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-munge-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-node-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-pam_slurm-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-plugins-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-slurmdbd-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-sql-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 slurm-torque-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 libslurm32-17.11.13-6.18.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP1 SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. CVE-2019-12838 SUSE Linux Enterprise Module for HPC 15 SP1:libslurm32-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:libpmi0-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:libslurm32-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:perl-slurm-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-auth-none-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-config-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-devel-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-doc-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-lua-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-munge-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-node-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-pam_slurm-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-plugins-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-slurmdbd-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-sql-17.11.13-6.18.1 SUSE Linux Enterprise Module for HPC 15:slurm-torque-17.11.13-6.18.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192989-1/ https://www.suse.com/security/cve/CVE-2019-12838.html CVE-2019-12838 https://bugzilla.suse.com/1140709 SUSE Bug 1140709