libnss_slurm2-21.08.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11389-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libnss_slurm2-21.08.1-1.1 on GA media These are all security issues fixed in the libnss_slurm2-21.08.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11389 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-10030/ SUSE CVE CVE-2016-10030 page https://www.suse.com/security/cve/CVE-2017-15566/ SUSE CVE CVE-2017-15566 page https://www.suse.com/security/cve/CVE-2018-10995/ SUSE CVE CVE-2018-10995 page https://www.suse.com/security/cve/CVE-2018-7033/ SUSE CVE CVE-2018-7033 page https://www.suse.com/security/cve/CVE-2019-12838/ SUSE CVE CVE-2019-12838 page https://www.suse.com/security/cve/CVE-2019-19727/ SUSE CVE CVE-2019-19727 page https://www.suse.com/security/cve/CVE-2019-19728/ SUSE CVE CVE-2019-19728 page https://www.suse.com/security/cve/CVE-2019-6438/ SUSE CVE CVE-2019-6438 page https://www.suse.com/security/cve/CVE-2020-12693/ SUSE CVE CVE-2020-12693 page https://www.suse.com/security/cve/CVE-2020-27745/ SUSE CVE CVE-2020-27745 page https://www.suse.com/security/cve/CVE-2020-27746/ SUSE CVE CVE-2020-27746 page https://www.suse.com/security/cve/CVE-2021-31215/ SUSE CVE CVE-2021-31215 page openSUSE Tumbleweed libnss_slurm2-21.08.1-1.1 libpmi0-21.08.1-1.1 libslurm37-21.08.1-1.1 perl-slurm-21.08.1-1.1 slurm-21.08.1-1.1 slurm-auth-none-21.08.1-1.1 slurm-config-21.08.1-1.1 slurm-config-man-21.08.1-1.1 slurm-cray-21.08.1-1.1 slurm-devel-21.08.1-1.1 slurm-doc-21.08.1-1.1 slurm-hdf5-21.08.1-1.1 slurm-lua-21.08.1-1.1 slurm-munge-21.08.1-1.1 slurm-node-21.08.1-1.1 slurm-openlava-21.08.1-1.1 slurm-pam_slurm-21.08.1-1.1 slurm-plugins-21.08.1-1.1 slurm-rest-21.08.1-1.1 slurm-seff-21.08.1-1.1 slurm-sjstat-21.08.1-1.1 slurm-slurmdbd-21.08.1-1.1 slurm-sql-21.08.1-1.1 slurm-sview-21.08.1-1.1 slurm-torque-21.08.1-1.1 slurm-webdoc-21.08.1-1.1 libnss_slurm2-21.08.1-1.1 as a component of openSUSE Tumbleweed libpmi0-21.08.1-1.1 as a component of openSUSE Tumbleweed libslurm37-21.08.1-1.1 as a component of openSUSE Tumbleweed perl-slurm-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-auth-none-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-config-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-config-man-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-cray-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-devel-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-doc-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-hdf5-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-lua-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-munge-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-node-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-openlava-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-pam_slurm-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-plugins-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-rest-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-seff-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-sjstat-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-slurmdbd-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-sql-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-sview-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-torque-21.08.1-1.1 as a component of openSUSE Tumbleweed slurm-webdoc-21.08.1-1.1 as a component of openSUSE Tumbleweed The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. This issue affects all Slurm versions from 0.6.0 (September 2005) to present. Workarounds to prevent exploitation of this are to either disable your Prolog script, or modify it such that it always returns 0 ("success") and adjust it to set the node as down using scontrol instead of relying on the slurmd to handle that automatically. If you do not have a Prolog set you are unaffected by this issue. CVE-2016-10030 openSUSE Tumbleweed:libnss_slurm2-21.08.1-1.1 openSUSE Tumbleweed:libpmi0-21.08.1-1.1 openSUSE Tumbleweed:libslurm37-21.08.1-1.1 openSUSE Tumbleweed:perl-slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-auth-none-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-man-21.08.1-1.1 openSUSE Tumbleweed:slurm-cray-21.08.1-1.1 openSUSE Tumbleweed:slurm-devel-21.08.1-1.1 openSUSE Tumbleweed:slurm-doc-21.08.1-1.1 openSUSE Tumbleweed:slurm-hdf5-21.08.1-1.1 openSUSE Tumbleweed:slurm-lua-21.08.1-1.1 openSUSE Tumbleweed:slurm-munge-21.08.1-1.1 openSUSE Tumbleweed:slurm-node-21.08.1-1.1 openSUSE Tumbleweed:slurm-openlava-21.08.1-1.1 openSUSE Tumbleweed:slurm-pam_slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-plugins-21.08.1-1.1 openSUSE Tumbleweed:slurm-rest-21.08.1-1.1 openSUSE Tumbleweed:slurm-seff-21.08.1-1.1 openSUSE Tumbleweed:slurm-sjstat-21.08.1-1.1 openSUSE Tumbleweed:slurm-slurmdbd-21.08.1-1.1 openSUSE Tumbleweed:slurm-sql-21.08.1-1.1 openSUSE Tumbleweed:slurm-sview-21.08.1-1.1 openSUSE Tumbleweed:slurm-torque-21.08.1-1.1 openSUSE Tumbleweed:slurm-webdoc-21.08.1-1.1 important 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10030.html CVE-2016-10030 https://bugzilla.suse.com/1018371 SUSE Bug 1018371 Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. CVE-2017-15566 openSUSE Tumbleweed:libnss_slurm2-21.08.1-1.1 openSUSE Tumbleweed:libpmi0-21.08.1-1.1 openSUSE Tumbleweed:libslurm37-21.08.1-1.1 openSUSE Tumbleweed:perl-slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-auth-none-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-man-21.08.1-1.1 openSUSE Tumbleweed:slurm-cray-21.08.1-1.1 openSUSE Tumbleweed:slurm-devel-21.08.1-1.1 openSUSE Tumbleweed:slurm-doc-21.08.1-1.1 openSUSE Tumbleweed:slurm-hdf5-21.08.1-1.1 openSUSE Tumbleweed:slurm-lua-21.08.1-1.1 openSUSE Tumbleweed:slurm-munge-21.08.1-1.1 openSUSE Tumbleweed:slurm-node-21.08.1-1.1 openSUSE Tumbleweed:slurm-openlava-21.08.1-1.1 openSUSE Tumbleweed:slurm-pam_slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-plugins-21.08.1-1.1 openSUSE Tumbleweed:slurm-rest-21.08.1-1.1 openSUSE Tumbleweed:slurm-seff-21.08.1-1.1 openSUSE Tumbleweed:slurm-sjstat-21.08.1-1.1 openSUSE Tumbleweed:slurm-slurmdbd-21.08.1-1.1 openSUSE Tumbleweed:slurm-sql-21.08.1-1.1 openSUSE Tumbleweed:slurm-sview-21.08.1-1.1 openSUSE Tumbleweed:slurm-torque-21.08.1-1.1 openSUSE Tumbleweed:slurm-webdoc-21.08.1-1.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15566.html CVE-2017-15566 https://bugzilla.suse.com/1065697 SUSE Bug 1065697 SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). CVE-2018-10995 openSUSE Tumbleweed:libnss_slurm2-21.08.1-1.1 openSUSE Tumbleweed:libpmi0-21.08.1-1.1 openSUSE Tumbleweed:libslurm37-21.08.1-1.1 openSUSE Tumbleweed:perl-slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-auth-none-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-man-21.08.1-1.1 openSUSE Tumbleweed:slurm-cray-21.08.1-1.1 openSUSE Tumbleweed:slurm-devel-21.08.1-1.1 openSUSE Tumbleweed:slurm-doc-21.08.1-1.1 openSUSE Tumbleweed:slurm-hdf5-21.08.1-1.1 openSUSE Tumbleweed:slurm-lua-21.08.1-1.1 openSUSE Tumbleweed:slurm-munge-21.08.1-1.1 openSUSE Tumbleweed:slurm-node-21.08.1-1.1 openSUSE Tumbleweed:slurm-openlava-21.08.1-1.1 openSUSE Tumbleweed:slurm-pam_slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-plugins-21.08.1-1.1 openSUSE Tumbleweed:slurm-rest-21.08.1-1.1 openSUSE Tumbleweed:slurm-seff-21.08.1-1.1 openSUSE Tumbleweed:slurm-sjstat-21.08.1-1.1 openSUSE Tumbleweed:slurm-slurmdbd-21.08.1-1.1 openSUSE Tumbleweed:slurm-sql-21.08.1-1.1 openSUSE Tumbleweed:slurm-sview-21.08.1-1.1 openSUSE Tumbleweed:slurm-torque-21.08.1-1.1 openSUSE Tumbleweed:slurm-webdoc-21.08.1-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-10995.html CVE-2018-10995 https://bugzilla.suse.com/1095508 SUSE Bug 1095508 SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. CVE-2018-7033 openSUSE Tumbleweed:libnss_slurm2-21.08.1-1.1 openSUSE Tumbleweed:libpmi0-21.08.1-1.1 openSUSE Tumbleweed:libslurm37-21.08.1-1.1 openSUSE Tumbleweed:perl-slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-auth-none-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-man-21.08.1-1.1 openSUSE Tumbleweed:slurm-cray-21.08.1-1.1 openSUSE Tumbleweed:slurm-devel-21.08.1-1.1 openSUSE Tumbleweed:slurm-doc-21.08.1-1.1 openSUSE Tumbleweed:slurm-hdf5-21.08.1-1.1 openSUSE Tumbleweed:slurm-lua-21.08.1-1.1 openSUSE Tumbleweed:slurm-munge-21.08.1-1.1 openSUSE Tumbleweed:slurm-node-21.08.1-1.1 openSUSE Tumbleweed:slurm-openlava-21.08.1-1.1 openSUSE Tumbleweed:slurm-pam_slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-plugins-21.08.1-1.1 openSUSE Tumbleweed:slurm-rest-21.08.1-1.1 openSUSE Tumbleweed:slurm-seff-21.08.1-1.1 openSUSE Tumbleweed:slurm-sjstat-21.08.1-1.1 openSUSE Tumbleweed:slurm-slurmdbd-21.08.1-1.1 openSUSE Tumbleweed:slurm-sql-21.08.1-1.1 openSUSE Tumbleweed:slurm-sview-21.08.1-1.1 openSUSE Tumbleweed:slurm-torque-21.08.1-1.1 openSUSE Tumbleweed:slurm-webdoc-21.08.1-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7033.html CVE-2018-7033 https://bugzilla.suse.com/1085240 SUSE Bug 1085240 SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. CVE-2019-12838 openSUSE Tumbleweed:libnss_slurm2-21.08.1-1.1 openSUSE Tumbleweed:libpmi0-21.08.1-1.1 openSUSE Tumbleweed:libslurm37-21.08.1-1.1 openSUSE Tumbleweed:perl-slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-auth-none-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-man-21.08.1-1.1 openSUSE Tumbleweed:slurm-cray-21.08.1-1.1 openSUSE Tumbleweed:slurm-devel-21.08.1-1.1 openSUSE Tumbleweed:slurm-doc-21.08.1-1.1 openSUSE Tumbleweed:slurm-hdf5-21.08.1-1.1 openSUSE Tumbleweed:slurm-lua-21.08.1-1.1 openSUSE Tumbleweed:slurm-munge-21.08.1-1.1 openSUSE Tumbleweed:slurm-node-21.08.1-1.1 openSUSE Tumbleweed:slurm-openlava-21.08.1-1.1 openSUSE Tumbleweed:slurm-pam_slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-plugins-21.08.1-1.1 openSUSE Tumbleweed:slurm-rest-21.08.1-1.1 openSUSE Tumbleweed:slurm-seff-21.08.1-1.1 openSUSE Tumbleweed:slurm-sjstat-21.08.1-1.1 openSUSE Tumbleweed:slurm-slurmdbd-21.08.1-1.1 openSUSE Tumbleweed:slurm-sql-21.08.1-1.1 openSUSE Tumbleweed:slurm-sview-21.08.1-1.1 openSUSE Tumbleweed:slurm-torque-21.08.1-1.1 openSUSE Tumbleweed:slurm-webdoc-21.08.1-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12838.html CVE-2019-12838 https://bugzilla.suse.com/1140709 SUSE Bug 1140709 SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. CVE-2019-19727 openSUSE Tumbleweed:libnss_slurm2-21.08.1-1.1 openSUSE Tumbleweed:libpmi0-21.08.1-1.1 openSUSE Tumbleweed:libslurm37-21.08.1-1.1 openSUSE Tumbleweed:perl-slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-auth-none-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-man-21.08.1-1.1 openSUSE Tumbleweed:slurm-cray-21.08.1-1.1 openSUSE Tumbleweed:slurm-devel-21.08.1-1.1 openSUSE Tumbleweed:slurm-doc-21.08.1-1.1 openSUSE Tumbleweed:slurm-hdf5-21.08.1-1.1 openSUSE Tumbleweed:slurm-lua-21.08.1-1.1 openSUSE Tumbleweed:slurm-munge-21.08.1-1.1 openSUSE Tumbleweed:slurm-node-21.08.1-1.1 openSUSE Tumbleweed:slurm-openlava-21.08.1-1.1 openSUSE Tumbleweed:slurm-pam_slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-plugins-21.08.1-1.1 openSUSE Tumbleweed:slurm-rest-21.08.1-1.1 openSUSE Tumbleweed:slurm-seff-21.08.1-1.1 openSUSE Tumbleweed:slurm-sjstat-21.08.1-1.1 openSUSE Tumbleweed:slurm-slurmdbd-21.08.1-1.1 openSUSE Tumbleweed:slurm-sql-21.08.1-1.1 openSUSE Tumbleweed:slurm-sview-21.08.1-1.1 openSUSE Tumbleweed:slurm-torque-21.08.1-1.1 openSUSE Tumbleweed:slurm-webdoc-21.08.1-1.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-19727.html CVE-2019-19727 https://bugzilla.suse.com/1155784 SUSE Bug 1155784 SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. CVE-2019-19728 openSUSE Tumbleweed:libnss_slurm2-21.08.1-1.1 openSUSE Tumbleweed:libpmi0-21.08.1-1.1 openSUSE Tumbleweed:libslurm37-21.08.1-1.1 openSUSE Tumbleweed:perl-slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-auth-none-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-man-21.08.1-1.1 openSUSE Tumbleweed:slurm-cray-21.08.1-1.1 openSUSE Tumbleweed:slurm-devel-21.08.1-1.1 openSUSE Tumbleweed:slurm-doc-21.08.1-1.1 openSUSE Tumbleweed:slurm-hdf5-21.08.1-1.1 openSUSE Tumbleweed:slurm-lua-21.08.1-1.1 openSUSE Tumbleweed:slurm-munge-21.08.1-1.1 openSUSE Tumbleweed:slurm-node-21.08.1-1.1 openSUSE Tumbleweed:slurm-openlava-21.08.1-1.1 openSUSE Tumbleweed:slurm-pam_slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-plugins-21.08.1-1.1 openSUSE Tumbleweed:slurm-rest-21.08.1-1.1 openSUSE Tumbleweed:slurm-seff-21.08.1-1.1 openSUSE Tumbleweed:slurm-sjstat-21.08.1-1.1 openSUSE Tumbleweed:slurm-slurmdbd-21.08.1-1.1 openSUSE Tumbleweed:slurm-sql-21.08.1-1.1 openSUSE Tumbleweed:slurm-sview-21.08.1-1.1 openSUSE Tumbleweed:slurm-torque-21.08.1-1.1 openSUSE Tumbleweed:slurm-webdoc-21.08.1-1.1 moderate 6 AV:N/AC:M/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-19728.html CVE-2019-19728 https://bugzilla.suse.com/1155784 SUSE Bug 1155784 https://bugzilla.suse.com/1159692 SUSE Bug 1159692 SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. CVE-2019-6438 openSUSE Tumbleweed:libnss_slurm2-21.08.1-1.1 openSUSE Tumbleweed:libpmi0-21.08.1-1.1 openSUSE Tumbleweed:libslurm37-21.08.1-1.1 openSUSE Tumbleweed:perl-slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-auth-none-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-man-21.08.1-1.1 openSUSE Tumbleweed:slurm-cray-21.08.1-1.1 openSUSE Tumbleweed:slurm-devel-21.08.1-1.1 openSUSE Tumbleweed:slurm-doc-21.08.1-1.1 openSUSE Tumbleweed:slurm-hdf5-21.08.1-1.1 openSUSE Tumbleweed:slurm-lua-21.08.1-1.1 openSUSE Tumbleweed:slurm-munge-21.08.1-1.1 openSUSE Tumbleweed:slurm-node-21.08.1-1.1 openSUSE Tumbleweed:slurm-openlava-21.08.1-1.1 openSUSE Tumbleweed:slurm-pam_slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-plugins-21.08.1-1.1 openSUSE Tumbleweed:slurm-rest-21.08.1-1.1 openSUSE Tumbleweed:slurm-seff-21.08.1-1.1 openSUSE Tumbleweed:slurm-sjstat-21.08.1-1.1 openSUSE Tumbleweed:slurm-slurmdbd-21.08.1-1.1 openSUSE Tumbleweed:slurm-sql-21.08.1-1.1 openSUSE Tumbleweed:slurm-sview-21.08.1-1.1 openSUSE Tumbleweed:slurm-torque-21.08.1-1.1 openSUSE Tumbleweed:slurm-webdoc-21.08.1-1.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-6438.html CVE-2019-6438 https://bugzilla.suse.com/1123304 SUSE Bug 1123304 Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. CVE-2020-12693 openSUSE Tumbleweed:libnss_slurm2-21.08.1-1.1 openSUSE Tumbleweed:libpmi0-21.08.1-1.1 openSUSE Tumbleweed:libslurm37-21.08.1-1.1 openSUSE Tumbleweed:perl-slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-auth-none-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-man-21.08.1-1.1 openSUSE Tumbleweed:slurm-cray-21.08.1-1.1 openSUSE Tumbleweed:slurm-devel-21.08.1-1.1 openSUSE Tumbleweed:slurm-doc-21.08.1-1.1 openSUSE Tumbleweed:slurm-hdf5-21.08.1-1.1 openSUSE Tumbleweed:slurm-lua-21.08.1-1.1 openSUSE Tumbleweed:slurm-munge-21.08.1-1.1 openSUSE Tumbleweed:slurm-node-21.08.1-1.1 openSUSE Tumbleweed:slurm-openlava-21.08.1-1.1 openSUSE Tumbleweed:slurm-pam_slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-plugins-21.08.1-1.1 openSUSE Tumbleweed:slurm-rest-21.08.1-1.1 openSUSE Tumbleweed:slurm-seff-21.08.1-1.1 openSUSE Tumbleweed:slurm-sjstat-21.08.1-1.1 openSUSE Tumbleweed:slurm-slurmdbd-21.08.1-1.1 openSUSE Tumbleweed:slurm-sql-21.08.1-1.1 openSUSE Tumbleweed:slurm-sview-21.08.1-1.1 openSUSE Tumbleweed:slurm-torque-21.08.1-1.1 openSUSE Tumbleweed:slurm-webdoc-21.08.1-1.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-12693.html CVE-2020-12693 https://bugzilla.suse.com/1172004 SUSE Bug 1172004 https://bugzilla.suse.com/1173804 SUSE Bug 1173804 Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. CVE-2020-27745 openSUSE Tumbleweed:libnss_slurm2-21.08.1-1.1 openSUSE Tumbleweed:libpmi0-21.08.1-1.1 openSUSE Tumbleweed:libslurm37-21.08.1-1.1 openSUSE Tumbleweed:perl-slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-auth-none-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-man-21.08.1-1.1 openSUSE Tumbleweed:slurm-cray-21.08.1-1.1 openSUSE Tumbleweed:slurm-devel-21.08.1-1.1 openSUSE Tumbleweed:slurm-doc-21.08.1-1.1 openSUSE Tumbleweed:slurm-hdf5-21.08.1-1.1 openSUSE Tumbleweed:slurm-lua-21.08.1-1.1 openSUSE Tumbleweed:slurm-munge-21.08.1-1.1 openSUSE Tumbleweed:slurm-node-21.08.1-1.1 openSUSE Tumbleweed:slurm-openlava-21.08.1-1.1 openSUSE Tumbleweed:slurm-pam_slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-plugins-21.08.1-1.1 openSUSE Tumbleweed:slurm-rest-21.08.1-1.1 openSUSE Tumbleweed:slurm-seff-21.08.1-1.1 openSUSE Tumbleweed:slurm-sjstat-21.08.1-1.1 openSUSE Tumbleweed:slurm-slurmdbd-21.08.1-1.1 openSUSE Tumbleweed:slurm-sql-21.08.1-1.1 openSUSE Tumbleweed:slurm-sview-21.08.1-1.1 openSUSE Tumbleweed:slurm-torque-21.08.1-1.1 openSUSE Tumbleweed:slurm-webdoc-21.08.1-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-27745.html CVE-2020-27745 https://bugzilla.suse.com/1178890 SUSE Bug 1178890 Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. CVE-2020-27746 openSUSE Tumbleweed:libnss_slurm2-21.08.1-1.1 openSUSE Tumbleweed:libpmi0-21.08.1-1.1 openSUSE Tumbleweed:libslurm37-21.08.1-1.1 openSUSE Tumbleweed:perl-slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-auth-none-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-man-21.08.1-1.1 openSUSE Tumbleweed:slurm-cray-21.08.1-1.1 openSUSE Tumbleweed:slurm-devel-21.08.1-1.1 openSUSE Tumbleweed:slurm-doc-21.08.1-1.1 openSUSE Tumbleweed:slurm-hdf5-21.08.1-1.1 openSUSE Tumbleweed:slurm-lua-21.08.1-1.1 openSUSE Tumbleweed:slurm-munge-21.08.1-1.1 openSUSE Tumbleweed:slurm-node-21.08.1-1.1 openSUSE Tumbleweed:slurm-openlava-21.08.1-1.1 openSUSE Tumbleweed:slurm-pam_slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-plugins-21.08.1-1.1 openSUSE Tumbleweed:slurm-rest-21.08.1-1.1 openSUSE Tumbleweed:slurm-seff-21.08.1-1.1 openSUSE Tumbleweed:slurm-sjstat-21.08.1-1.1 openSUSE Tumbleweed:slurm-slurmdbd-21.08.1-1.1 openSUSE Tumbleweed:slurm-sql-21.08.1-1.1 openSUSE Tumbleweed:slurm-sview-21.08.1-1.1 openSUSE Tumbleweed:slurm-torque-21.08.1-1.1 openSUSE Tumbleweed:slurm-webdoc-21.08.1-1.1 low 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-27746.html CVE-2020-27746 https://bugzilla.suse.com/1178891 SUSE Bug 1178891 SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. CVE-2021-31215 openSUSE Tumbleweed:libnss_slurm2-21.08.1-1.1 openSUSE Tumbleweed:libpmi0-21.08.1-1.1 openSUSE Tumbleweed:libslurm37-21.08.1-1.1 openSUSE Tumbleweed:perl-slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-auth-none-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-21.08.1-1.1 openSUSE Tumbleweed:slurm-config-man-21.08.1-1.1 openSUSE Tumbleweed:slurm-cray-21.08.1-1.1 openSUSE Tumbleweed:slurm-devel-21.08.1-1.1 openSUSE Tumbleweed:slurm-doc-21.08.1-1.1 openSUSE Tumbleweed:slurm-hdf5-21.08.1-1.1 openSUSE Tumbleweed:slurm-lua-21.08.1-1.1 openSUSE Tumbleweed:slurm-munge-21.08.1-1.1 openSUSE Tumbleweed:slurm-node-21.08.1-1.1 openSUSE Tumbleweed:slurm-openlava-21.08.1-1.1 openSUSE Tumbleweed:slurm-pam_slurm-21.08.1-1.1 openSUSE Tumbleweed:slurm-plugins-21.08.1-1.1 openSUSE Tumbleweed:slurm-rest-21.08.1-1.1 openSUSE Tumbleweed:slurm-seff-21.08.1-1.1 openSUSE Tumbleweed:slurm-sjstat-21.08.1-1.1 openSUSE Tumbleweed:slurm-slurmdbd-21.08.1-1.1 openSUSE Tumbleweed:slurm-sql-21.08.1-1.1 openSUSE Tumbleweed:slurm-sview-21.08.1-1.1 openSUSE Tumbleweed:slurm-torque-21.08.1-1.1 openSUSE Tumbleweed:slurm-webdoc-21.08.1-1.1 important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-31215.html CVE-2021-31215 https://bugzilla.suse.com/1186024 SUSE Bug 1186024