Security update for slurm SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:4116-1 Final 1 1 2023-10-18T13:14:41Z current 2023-10-18T13:14:41Z 2023-10-18T13:14:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for slurm This update for slurm fixes the following issues: - CVE-2023-41914: Fixed several filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file (bsc#1216207). Non-security fixes: - Fixed dependency issues that could arise during an upgrade (bsc#1208810). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-4116,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4116 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20234116-1/ Link for SUSE-SU-2023:4116-1 https://lists.suse.com/pipermail/sle-security-updates/2023-October/016731.html E-Mail link for SUSE-SU-2023:4116-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1208810 SUSE Bug 1208810 https://bugzilla.suse.com/1216207 SUSE Bug 1216207 https://www.suse.com/security/cve/CVE-2023-41914/ SUSE CVE CVE-2023-41914 page SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libnss_slurm2-20.02.7-150200.3.17.1 libpmi0-20.02.7-150200.3.17.1 libslurm35-20.02.7-150200.3.17.1 perl-slurm-20.02.7-150200.3.17.1 slurm-20.02.7-150200.3.17.1 slurm-auth-none-20.02.7-150200.3.17.1 slurm-config-20.02.7-150200.3.17.1 slurm-config-man-20.02.7-150200.3.17.1 slurm-cray-20.02.7-150200.3.17.1 slurm-devel-20.02.7-150200.3.17.1 slurm-doc-20.02.7-150200.3.17.1 slurm-hdf5-20.02.7-150200.3.17.1 slurm-lua-20.02.7-150200.3.17.1 slurm-munge-20.02.7-150200.3.17.1 slurm-node-20.02.7-150200.3.17.1 slurm-openlava-20.02.7-150200.3.17.1 slurm-pam_slurm-20.02.7-150200.3.17.1 slurm-plugins-20.02.7-150200.3.17.1 slurm-rest-20.02.7-150200.3.17.1 slurm-seff-20.02.7-150200.3.17.1 slurm-sjstat-20.02.7-150200.3.17.1 slurm-slurmdbd-20.02.7-150200.3.17.1 slurm-sql-20.02.7-150200.3.17.1 slurm-sview-20.02.7-150200.3.17.1 slurm-testsuite-20.02.7-150200.3.17.1 slurm-torque-20.02.7-150200.3.17.1 slurm-webdoc-20.02.7-150200.3.17.1 libnss_slurm2-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libpmi0-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libslurm35-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS perl-slurm-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-auth-none-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-config-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-config-man-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-devel-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-doc-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-lua-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-munge-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-node-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-pam_slurm-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-plugins-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-slurmdbd-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-sql-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-sview-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-torque-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS slurm-webdoc-20.02.7-150200.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. CVE-2023-41914 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libnss_slurm2-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpmi0-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libslurm35-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:perl-slurm-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-auth-none-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-config-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-config-man-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-devel-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-doc-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-lua-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-munge-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-node-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-pam_slurm-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-plugins-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-slurmdbd-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-sql-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-sview-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-torque-20.02.7-150200.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:slurm-webdoc-20.02.7-150200.3.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234116-1/ https://www.suse.com/security/cve/CVE-2023-41914.html CVE-2023-41914 https://bugzilla.suse.com/1216207 SUSE Bug 1216207