libnss_slurm2-23.02.7-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13559 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libnss_slurm2-23.02.7-1.1 on GA media These are all security issues fixed in the libnss_slurm2-23.02.7-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13559 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13559 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-49933/ SUSE CVE CVE-2023-49933 page https://www.suse.com/security/cve/CVE-2023-49935/ SUSE CVE CVE-2023-49935 page https://www.suse.com/security/cve/CVE-2023-49936/ SUSE CVE CVE-2023-49936 page https://www.suse.com/security/cve/CVE-2023-49937/ SUSE CVE CVE-2023-49937 page https://www.suse.com/security/cve/CVE-2023-49938/ SUSE CVE CVE-2023-49938 page openSUSE Tumbleweed libnss_slurm2-23.02.7-1.1 libpmi0-23.02.7-1.1 libslurm39-23.02.7-1.1 perl-slurm-23.02.7-1.1 slurm-23.02.7-1.1 slurm-auth-none-23.02.7-1.1 slurm-config-23.02.7-1.1 slurm-config-man-23.02.7-1.1 slurm-cray-23.02.7-1.1 slurm-devel-23.02.7-1.1 slurm-doc-23.02.7-1.1 slurm-hdf5-23.02.7-1.1 slurm-lua-23.02.7-1.1 slurm-munge-23.02.7-1.1 slurm-node-23.02.7-1.1 slurm-openlava-23.02.7-1.1 slurm-pam_slurm-23.02.7-1.1 slurm-plugin-ext-sensors-rrd-23.02.7-1.1 slurm-plugins-23.02.7-1.1 slurm-rest-23.02.7-1.1 slurm-seff-23.02.7-1.1 slurm-sjstat-23.02.7-1.1 slurm-slurmdbd-23.02.7-1.1 slurm-sql-23.02.7-1.1 slurm-sview-23.02.7-1.1 slurm-testsuite-23.02.7-1.1 slurm-torque-23.02.7-1.1 slurm-webdoc-23.02.7-1.1 libnss_slurm2-23.02.7-1.1 as a component of openSUSE Tumbleweed libpmi0-23.02.7-1.1 as a component of openSUSE Tumbleweed libslurm39-23.02.7-1.1 as a component of openSUSE Tumbleweed perl-slurm-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-auth-none-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-config-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-config-man-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-cray-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-devel-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-doc-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-hdf5-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-lua-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-munge-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-node-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-openlava-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-pam_slurm-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-plugin-ext-sensors-rrd-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-plugins-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-rest-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-seff-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-sjstat-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-slurmdbd-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-sql-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-sview-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-testsuite-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-torque-23.02.7-1.1 as a component of openSUSE Tumbleweed slurm-webdoc-23.02.7-1.1 as a component of openSUSE Tumbleweed An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. CVE-2023-49933 openSUSE Tumbleweed:libnss_slurm2-23.02.7-1.1 openSUSE Tumbleweed:libpmi0-23.02.7-1.1 openSUSE Tumbleweed:libslurm39-23.02.7-1.1 openSUSE Tumbleweed:perl-slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-auth-none-23.02.7-1.1 openSUSE Tumbleweed:slurm-config-23.02.7-1.1 openSUSE Tumbleweed:slurm-config-man-23.02.7-1.1 openSUSE Tumbleweed:slurm-cray-23.02.7-1.1 openSUSE Tumbleweed:slurm-devel-23.02.7-1.1 openSUSE Tumbleweed:slurm-doc-23.02.7-1.1 openSUSE Tumbleweed:slurm-hdf5-23.02.7-1.1 openSUSE Tumbleweed:slurm-lua-23.02.7-1.1 openSUSE Tumbleweed:slurm-munge-23.02.7-1.1 openSUSE Tumbleweed:slurm-node-23.02.7-1.1 openSUSE Tumbleweed:slurm-openlava-23.02.7-1.1 openSUSE Tumbleweed:slurm-pam_slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-plugin-ext-sensors-rrd-23.02.7-1.1 openSUSE Tumbleweed:slurm-plugins-23.02.7-1.1 openSUSE Tumbleweed:slurm-rest-23.02.7-1.1 openSUSE Tumbleweed:slurm-seff-23.02.7-1.1 openSUSE Tumbleweed:slurm-sjstat-23.02.7-1.1 openSUSE Tumbleweed:slurm-slurmdbd-23.02.7-1.1 openSUSE Tumbleweed:slurm-sql-23.02.7-1.1 openSUSE Tumbleweed:slurm-sview-23.02.7-1.1 openSUSE Tumbleweed:slurm-testsuite-23.02.7-1.1 openSUSE Tumbleweed:slurm-torque-23.02.7-1.1 openSUSE Tumbleweed:slurm-webdoc-23.02.7-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-49933.html CVE-2023-49933 https://bugzilla.suse.com/1218046 SUSE Bug 1218046 An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1. CVE-2023-49935 openSUSE Tumbleweed:libnss_slurm2-23.02.7-1.1 openSUSE Tumbleweed:libpmi0-23.02.7-1.1 openSUSE Tumbleweed:libslurm39-23.02.7-1.1 openSUSE Tumbleweed:perl-slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-auth-none-23.02.7-1.1 openSUSE Tumbleweed:slurm-config-23.02.7-1.1 openSUSE Tumbleweed:slurm-config-man-23.02.7-1.1 openSUSE Tumbleweed:slurm-cray-23.02.7-1.1 openSUSE Tumbleweed:slurm-devel-23.02.7-1.1 openSUSE Tumbleweed:slurm-doc-23.02.7-1.1 openSUSE Tumbleweed:slurm-hdf5-23.02.7-1.1 openSUSE Tumbleweed:slurm-lua-23.02.7-1.1 openSUSE Tumbleweed:slurm-munge-23.02.7-1.1 openSUSE Tumbleweed:slurm-node-23.02.7-1.1 openSUSE Tumbleweed:slurm-openlava-23.02.7-1.1 openSUSE Tumbleweed:slurm-pam_slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-plugin-ext-sensors-rrd-23.02.7-1.1 openSUSE Tumbleweed:slurm-plugins-23.02.7-1.1 openSUSE Tumbleweed:slurm-rest-23.02.7-1.1 openSUSE Tumbleweed:slurm-seff-23.02.7-1.1 openSUSE Tumbleweed:slurm-sjstat-23.02.7-1.1 openSUSE Tumbleweed:slurm-slurmdbd-23.02.7-1.1 openSUSE Tumbleweed:slurm-sql-23.02.7-1.1 openSUSE Tumbleweed:slurm-sview-23.02.7-1.1 openSUSE Tumbleweed:slurm-testsuite-23.02.7-1.1 openSUSE Tumbleweed:slurm-torque-23.02.7-1.1 openSUSE Tumbleweed:slurm-webdoc-23.02.7-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-49935.html CVE-2023-49935 https://bugzilla.suse.com/1218049 SUSE Bug 1218049 An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. CVE-2023-49936 openSUSE Tumbleweed:libnss_slurm2-23.02.7-1.1 openSUSE Tumbleweed:libpmi0-23.02.7-1.1 openSUSE Tumbleweed:libslurm39-23.02.7-1.1 openSUSE Tumbleweed:perl-slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-auth-none-23.02.7-1.1 openSUSE Tumbleweed:slurm-config-23.02.7-1.1 openSUSE Tumbleweed:slurm-config-man-23.02.7-1.1 openSUSE Tumbleweed:slurm-cray-23.02.7-1.1 openSUSE Tumbleweed:slurm-devel-23.02.7-1.1 openSUSE Tumbleweed:slurm-doc-23.02.7-1.1 openSUSE Tumbleweed:slurm-hdf5-23.02.7-1.1 openSUSE Tumbleweed:slurm-lua-23.02.7-1.1 openSUSE Tumbleweed:slurm-munge-23.02.7-1.1 openSUSE Tumbleweed:slurm-node-23.02.7-1.1 openSUSE Tumbleweed:slurm-openlava-23.02.7-1.1 openSUSE Tumbleweed:slurm-pam_slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-plugin-ext-sensors-rrd-23.02.7-1.1 openSUSE Tumbleweed:slurm-plugins-23.02.7-1.1 openSUSE Tumbleweed:slurm-rest-23.02.7-1.1 openSUSE Tumbleweed:slurm-seff-23.02.7-1.1 openSUSE Tumbleweed:slurm-sjstat-23.02.7-1.1 openSUSE Tumbleweed:slurm-slurmdbd-23.02.7-1.1 openSUSE Tumbleweed:slurm-sql-23.02.7-1.1 openSUSE Tumbleweed:slurm-sview-23.02.7-1.1 openSUSE Tumbleweed:slurm-testsuite-23.02.7-1.1 openSUSE Tumbleweed:slurm-torque-23.02.7-1.1 openSUSE Tumbleweed:slurm-webdoc-23.02.7-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-49936.html CVE-2023-49936 https://bugzilla.suse.com/1218050 SUSE Bug 1218050 An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. CVE-2023-49937 openSUSE Tumbleweed:libnss_slurm2-23.02.7-1.1 openSUSE Tumbleweed:libpmi0-23.02.7-1.1 openSUSE Tumbleweed:libslurm39-23.02.7-1.1 openSUSE Tumbleweed:perl-slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-auth-none-23.02.7-1.1 openSUSE Tumbleweed:slurm-config-23.02.7-1.1 openSUSE Tumbleweed:slurm-config-man-23.02.7-1.1 openSUSE Tumbleweed:slurm-cray-23.02.7-1.1 openSUSE Tumbleweed:slurm-devel-23.02.7-1.1 openSUSE Tumbleweed:slurm-doc-23.02.7-1.1 openSUSE Tumbleweed:slurm-hdf5-23.02.7-1.1 openSUSE Tumbleweed:slurm-lua-23.02.7-1.1 openSUSE Tumbleweed:slurm-munge-23.02.7-1.1 openSUSE Tumbleweed:slurm-node-23.02.7-1.1 openSUSE Tumbleweed:slurm-openlava-23.02.7-1.1 openSUSE Tumbleweed:slurm-pam_slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-plugin-ext-sensors-rrd-23.02.7-1.1 openSUSE Tumbleweed:slurm-plugins-23.02.7-1.1 openSUSE Tumbleweed:slurm-rest-23.02.7-1.1 openSUSE Tumbleweed:slurm-seff-23.02.7-1.1 openSUSE Tumbleweed:slurm-sjstat-23.02.7-1.1 openSUSE Tumbleweed:slurm-slurmdbd-23.02.7-1.1 openSUSE Tumbleweed:slurm-sql-23.02.7-1.1 openSUSE Tumbleweed:slurm-sview-23.02.7-1.1 openSUSE Tumbleweed:slurm-testsuite-23.02.7-1.1 openSUSE Tumbleweed:slurm-torque-23.02.7-1.1 openSUSE Tumbleweed:slurm-webdoc-23.02.7-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-49937.html CVE-2023-49937 https://bugzilla.suse.com/1218051 SUSE Bug 1218051 An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7. CVE-2023-49938 openSUSE Tumbleweed:libnss_slurm2-23.02.7-1.1 openSUSE Tumbleweed:libpmi0-23.02.7-1.1 openSUSE Tumbleweed:libslurm39-23.02.7-1.1 openSUSE Tumbleweed:perl-slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-auth-none-23.02.7-1.1 openSUSE Tumbleweed:slurm-config-23.02.7-1.1 openSUSE Tumbleweed:slurm-config-man-23.02.7-1.1 openSUSE Tumbleweed:slurm-cray-23.02.7-1.1 openSUSE Tumbleweed:slurm-devel-23.02.7-1.1 openSUSE Tumbleweed:slurm-doc-23.02.7-1.1 openSUSE Tumbleweed:slurm-hdf5-23.02.7-1.1 openSUSE Tumbleweed:slurm-lua-23.02.7-1.1 openSUSE Tumbleweed:slurm-munge-23.02.7-1.1 openSUSE Tumbleweed:slurm-node-23.02.7-1.1 openSUSE Tumbleweed:slurm-openlava-23.02.7-1.1 openSUSE Tumbleweed:slurm-pam_slurm-23.02.7-1.1 openSUSE Tumbleweed:slurm-plugin-ext-sensors-rrd-23.02.7-1.1 openSUSE Tumbleweed:slurm-plugins-23.02.7-1.1 openSUSE Tumbleweed:slurm-rest-23.02.7-1.1 openSUSE Tumbleweed:slurm-seff-23.02.7-1.1 openSUSE Tumbleweed:slurm-sjstat-23.02.7-1.1 openSUSE Tumbleweed:slurm-slurmdbd-23.02.7-1.1 openSUSE Tumbleweed:slurm-sql-23.02.7-1.1 openSUSE Tumbleweed:slurm-sview-23.02.7-1.1 openSUSE Tumbleweed:slurm-testsuite-23.02.7-1.1 openSUSE Tumbleweed:slurm-torque-23.02.7-1.1 openSUSE Tumbleweed:slurm-webdoc-23.02.7-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-49938.html CVE-2023-49938 https://bugzilla.suse.com/1218053 SUSE Bug 1218053