Security update for slurm_20_02 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:3477-1 Final 1 1 2022-09-30T10:03:16Z current 2022-09-30T10:03:16Z 2022-09-30T10:03:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for slurm_20_02 This update for slurm_20_02 fixes the following issues: - CVE-2022-31251: Fixed a potential security vulnerability in the test package (bsc#1201674). - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrary unix socket as root (bsc#1199279). Bugfixes: - Fixed qstat error message (torque wrapper) (bsc#1186646). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-3477,SUSE-SLE-Module-HPC-12-2022-3477 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20223477-1/ Link for SUSE-SU-2022:3477-1 https://lists.suse.com/pipermail/sle-security-updates/2022-September/012461.html E-Mail link for SUSE-SU-2022:3477-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1186646 SUSE Bug 1186646 https://bugzilla.suse.com/1199278 SUSE Bug 1199278 https://bugzilla.suse.com/1199279 SUSE Bug 1199279 https://bugzilla.suse.com/1201674 SUSE Bug 1201674 https://www.suse.com/security/cve/CVE-2022-29500/ SUSE CVE CVE-2022-29500 page https://www.suse.com/security/cve/CVE-2022-29501/ SUSE CVE CVE-2022-29501 page https://www.suse.com/security/cve/CVE-2022-31251/ SUSE CVE CVE-2022-31251 page SUSE Linux Enterprise Module for HPC 12 libnss_slurm2_20_02-20.02.7-3.14.1 libpmi0_20_02-20.02.7-3.14.1 libslurm35-20.02.7-3.14.1 perl-slurm_20_02-20.02.7-3.14.1 slurm_20_02-20.02.7-3.14.1 slurm_20_02-auth-none-20.02.7-3.14.1 slurm_20_02-config-20.02.7-3.14.1 slurm_20_02-config-man-20.02.7-3.14.1 slurm_20_02-cray-20.02.7-3.14.1 slurm_20_02-devel-20.02.7-3.14.1 slurm_20_02-doc-20.02.7-3.14.1 slurm_20_02-lua-20.02.7-3.14.1 slurm_20_02-munge-20.02.7-3.14.1 slurm_20_02-node-20.02.7-3.14.1 slurm_20_02-openlava-20.02.7-3.14.1 slurm_20_02-pam_slurm-20.02.7-3.14.1 slurm_20_02-plugins-20.02.7-3.14.1 slurm_20_02-seff-20.02.7-3.14.1 slurm_20_02-sjstat-20.02.7-3.14.1 slurm_20_02-slurmdbd-20.02.7-3.14.1 slurm_20_02-sql-20.02.7-3.14.1 slurm_20_02-sview-20.02.7-3.14.1 slurm_20_02-testsuite-20.02.7-3.14.1 slurm_20_02-torque-20.02.7-3.14.1 slurm_20_02-webdoc-20.02.7-3.14.1 libnss_slurm2_20_02-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 libpmi0_20_02-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 libslurm35-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 perl-slurm_20_02-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-auth-none-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-config-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-config-man-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-devel-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-doc-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-lua-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-munge-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-node-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-pam_slurm-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-plugins-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-slurmdbd-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-sql-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-sview-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_20_02-torque-20.02.7-3.14.1 as a component of SUSE Linux Enterprise Module for HPC 12 SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. CVE-2022-29500 SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_02-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:libpmi0_20_02-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:libslurm35-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_02-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-auth-none-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-config-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-config-man-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-devel-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-doc-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-lua-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-munge-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-node-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-pam_slurm-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-plugins-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-slurmdbd-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-sql-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-sview-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-torque-20.02.7-3.14.1 important 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223477-1/ https://www.suse.com/security/cve/CVE-2022-29500.html CVE-2022-29500 https://bugzilla.suse.com/1199278 SUSE Bug 1199278 SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. CVE-2022-29501 SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_02-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:libpmi0_20_02-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:libslurm35-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_02-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-auth-none-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-config-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-config-man-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-devel-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-doc-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-lua-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-munge-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-node-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-pam_slurm-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-plugins-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-slurmdbd-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-sql-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-sview-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-torque-20.02.7-3.14.1 important 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223477-1/ https://www.suse.com/security/cve/CVE-2022-29501.html CVE-2022-29501 https://bugzilla.suse.com/1199279 SUSE Bug 1199279 A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3. CVE-2022-31251 SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_20_02-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:libpmi0_20_02-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:libslurm35-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:perl-slurm_20_02-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-auth-none-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-config-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-config-man-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-devel-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-doc-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-lua-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-munge-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-node-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-pam_slurm-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-plugins-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-slurmdbd-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-sql-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-sview-20.02.7-3.14.1 SUSE Linux Enterprise Module for HPC 12:slurm_20_02-torque-20.02.7-3.14.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223477-1/ https://www.suse.com/security/cve/CVE-2022-31251.html CVE-2022-31251 https://bugzilla.suse.com/1201674 SUSE Bug 1201674