Feature update for slurm and pdsh SUSE Patch security@suse.de SUSE Security Team SUSE-FU-2025:0661-1 Final 1 1 2025-02-24T02:11:30Z current 2025-02-24T02:11:30Z 2025-02-24T02:11:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Feature update for slurm and pdsh This update for slurm and pdsh fixes the following issues: slurm was updated to version 24.11.1 using package slurm_24_11: - Security issues fixed: * CVE-2024-48936: Fixed authentication handling in stepmgr that could permit an attacker to execute processes under other users' jobs (bsc#1236722) * CVE-2024-42511: Fixed vulnerability with switch plugins where a user could override the isolation between Slingshot VNIs or IMEX channels (bsc#1236726) - Important remarks: * Slurm can be upgraded from version 23.02, 23.11 or 24.05 to version 24.11 without loss of jobs or other state information. Upgrading directly from an earlier version of Slurm will result in loss of state information. * If using the `slurmdbd` (Slurm DataBase Daemon) you must update this first. * The 24.11 `slurmdbd` will work with Slurm daemons of version 23.02 and above. You will not need to update all clusters at the same time, but it is very important to update `slurmdbd` first and having it running before updating any other clusters making use of it. * If using a backup DBD you must start the primary first to do any database conversion, the backup will not start until this has happened. * All SPANK plugins must be recompiled when upgrading from any Slurm version prior to 24.11. - Highlights of changes: * Fixed issues related to the modified startup handling for slurmdbd: moved PID file to `/run/slurmdbd` (bsc#1236928) * Create slurm-owned log file on behalf of slurmdbd (bsc#1236929) * Added report AccountUtilizationByQOS to sreport. * `AccountUtilizationByUser` is able to be filtered by QOS. * Added autodetected gpus to the output of `slurmd -C` * Added ability to submit jobs with multiple QOS. These are sorted by priority highest being the first. * Removed the instant on feature from `switch/hpe_slingshot`. * `slurmctld` : Changed incoming RPC handling to dedicated thread pool with asynchronous handling of I/O that can be configured via `conmgr_*` entries under `SlurmctldParameters` in `slurm.conf`. - Configuration File Changes (see appropriate man page for details) * Added `SchedulerParameters=bf_allow_magnetic_slot` option. It allows jobs in magnetic reservations to be planned by backfill scheduler. * Added `TopologyParam=TopoMaxSizeUnroll=#` to allow `--nodes=<min>-<max>` for `topology/block`. * Added `DataParserParameters` `slurm.conf` parameter to allow setting default value for CLI `--json` and `--yaml` arguments. * Hardware collectives in `switch/hpe_slingshot` now requires `enable_stepmgr`. * Added connection related parameters to `slurm.conf` under `SlurmctldParameters`: `conmgr_max_connections`: Defaults to 150 connections. `conmgr_threads`: Defaults to 64 threads for slurmctld. `conmgr_use_poll`: Defaults is to use epoll in Linux. `conmgr_connect_timeout`: Defaults to `MessageTimeout`. `conmgr_read_timeout`: Defaults to `MessageTimeout`. `conmgr_wait_write_delay`: Defaults to `MessageTimeout`. `conmgr_write_timeout`: Defaults to MessageTimeout. * Added `SlurmctldParamters=ignore_constraint_validation` to ignore `constraint/feature` validation at submission. * Added `SchedulerParameters=bf_topopt_enable` option to enable experimental hook to control backfill. - Command Changes (see man pages for details): * Remove srun `--cpu-bind=rank`. * Add `'%b'` as a file name pattern for the array task id modulo 10. * `sacct` : Respect `--noheader` for `--batch-script` and `--env-vars`. * Add `sacctmgr ping` command to query status of `slurmdbd`. * `sbcast` : Add `--nodelist` option to specify where files are transmitted to * `sbcast` : Add `--no-allocation` option to transmit files to nodes outside of a job allocation. * `slurmdbd` : Add `-u` option. This is used to determine if restarting the DBD will result in database conversion. * Remove `salloc --get-user-env`. * `scontrol` : Add `--json`/`--yaml` support to `listpids`. * `scontrol` : Add `liststeps`. * `scontrol` : Add `listjobs`. * `scontrol show topo` : Show aggregated block sizes when using topology/block. - API Changes: * Remove `burst_buffer/lua` call `slurm.job_info_to_string()`. * `job_submit/lua` : Add `assoc_qos` attribute to `job_desc` to display all potential QOS's for a job's association. * `job_submit/lua` : Add `slurm.get_qos_priority()` function to retrieve the given QOS's priority. - SLURMRESTD Changes: * Removed fields deprecated in the Slurm-23.11 release from v0.0.42 endpoints. * Removed v0.0.39 plugins. * Set `data_parser/v0.0.42+prefer_refs` flag to default. * Add `data_parser/v0.0.42+minimize_refs` flag to inline single referenced schemas in the OpenAPI schema to get default behavior of `data_parser/v0.0.41`. * Rename v0.0.42 `JOB_INFO` field `minimum_switches` to `required_switches` to reflect the actual behavior. * Rename v0.0.42 `ACCOUNT_CONDITION` field `assocation` to `association` (typo). * Tag `slurmdb/v0.0.42/jobs pid` field deprecated. - For details on the changes in this version update, consult Slurm 24.11 changelog pdsh was updated from version 2.34 to 2.35: - IMPORTANT NOTE: pdsh version 2.35 is not compatible with Slurm versions below 20.11 - Key changes of version 2.35: * Added `-d` option to log errors * build: use LDADD instead of LDFLAGS for libcommon.la * dsbak: fixed handling of empty input lines * ssh: fixed sshcmd_signal on macos - Other changes: * Fixed version test for munge build (bsc#1236156) * Dropped Slurm support for s390x and i586: Slurm no longer builds for s390x or 32bit * Implementation of package `pdsh-slurm_24_11` compatible with Slurm 24.11 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-661,SUSE-SLE-Module-HPC-12-2025-661 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/-2025-661/suse-fu-20250661-1/ Link for SUSE-FU-2025:0661-1 https://lists.suse.com/pipermail/sle-updates/2025-February/038528.html E-Mail link for SUSE-FU-2025:0661-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1236156 SUSE Bug 1236156 https://bugzilla.suse.com/1236722 SUSE Bug 1236722 https://bugzilla.suse.com/1236726 SUSE Bug 1236726 https://bugzilla.suse.com/1236928 SUSE Bug 1236928 https://bugzilla.suse.com/1236929 SUSE Bug 1236929 https://www.suse.com/security/cve/CVE-2024-42511/ SUSE CVE CVE-2024-42511 page https://www.suse.com/security/cve/CVE-2024-48936/ SUSE CVE CVE-2024-48936 page SUSE Linux Enterprise Module for HPC 12 libnss_slurm2_24_11-24.11.1-3.5.3 libpmi0_24_11-24.11.1-3.5.3 libslurm42-24.11.1-3.5.3 pdsh-2.35-7.44.1 pdsh-dshgroup-2.35-7.44.1 pdsh-genders-2.35-7.44.1 pdsh-machines-2.35-7.44.1 pdsh-netgroup-2.35-7.44.1 pdsh-slurm-2.35-7.44.1 pdsh-slurm_20_11-2.35-7.44.1 pdsh-slurm_22_05-2.35-7.44.1 pdsh-slurm_23_02-2.35-7.44.1 pdsh-slurm_24_11-2.35-7.44.4 perl-slurm_24_11-24.11.1-3.5.3 slurm_24_11-24.11.1-3.5.3 slurm_24_11-auth-none-24.11.1-3.5.3 slurm_24_11-config-24.11.1-3.5.3 slurm_24_11-config-man-24.11.1-3.5.3 slurm_24_11-cray-24.11.1-3.5.3 slurm_24_11-devel-24.11.1-3.5.3 slurm_24_11-doc-24.11.1-3.5.3 slurm_24_11-lua-24.11.1-3.5.3 slurm_24_11-munge-24.11.1-3.5.3 slurm_24_11-node-24.11.1-3.5.3 slurm_24_11-openlava-24.11.1-3.5.3 slurm_24_11-pam_slurm-24.11.1-3.5.3 slurm_24_11-plugins-24.11.1-3.5.3 slurm_24_11-seff-24.11.1-3.5.3 slurm_24_11-sjstat-24.11.1-3.5.3 slurm_24_11-slurmdbd-24.11.1-3.5.3 slurm_24_11-sql-24.11.1-3.5.3 slurm_24_11-sview-24.11.1-3.5.3 slurm_24_11-testsuite-24.11.1-3.5.3 slurm_24_11-torque-24.11.1-3.5.3 slurm_24_11-webdoc-24.11.1-3.5.3 libnss_slurm2_24_11-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 libpmi0_24_11-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 libslurm42-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 pdsh-2.35-7.44.1 as a component of SUSE Linux Enterprise Module for HPC 12 pdsh-dshgroup-2.35-7.44.1 as a component of SUSE Linux Enterprise Module for HPC 12 pdsh-genders-2.35-7.44.1 as a component of SUSE Linux Enterprise Module for HPC 12 pdsh-machines-2.35-7.44.1 as a component of SUSE Linux Enterprise Module for HPC 12 pdsh-netgroup-2.35-7.44.1 as a component of SUSE Linux Enterprise Module for HPC 12 pdsh-slurm_20_11-2.35-7.44.1 as a component of SUSE Linux Enterprise Module for HPC 12 pdsh-slurm_22_05-2.35-7.44.1 as a component of SUSE Linux Enterprise Module for HPC 12 pdsh-slurm_23_02-2.35-7.44.1 as a component of SUSE Linux Enterprise Module for HPC 12 pdsh-slurm_24_11-2.35-7.44.4 as a component of SUSE Linux Enterprise Module for HPC 12 perl-slurm_24_11-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-auth-none-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-config-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-config-man-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-cray-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-devel-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-doc-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-lua-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-munge-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-node-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-pam_slurm-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-plugins-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-slurmdbd-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-sql-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-sview-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-torque-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 slurm_24_11-webdoc-24.11.1-3.5.3 as a component of SUSE Linux Enterprise Module for HPC 12 unknown CVE-2024-42511 SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_24_11-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:libpmi0_24_11-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:libslurm42-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:pdsh-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-dshgroup-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-genders-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-machines-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-netgroup-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-slurm_20_11-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-slurm_22_05-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-slurm_23_02-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-slurm_24_11-2.35-7.44.4 SUSE Linux Enterprise Module for HPC 12:perl-slurm_24_11-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-auth-none-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-config-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-config-man-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-cray-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-devel-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-doc-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-lua-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-munge-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-node-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-pam_slurm-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-plugins-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-slurmdbd-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-sql-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-sview-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-torque-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-webdoc-24.11.1-3.5.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2025-661/suse-fu-20250661-1/ https://www.suse.com/security/cve/CVE-2024-42511.html CVE-2024-42511 https://bugzilla.suse.com/1236726 SUSE Bug 1236726 SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration. CVE-2024-48936 SUSE Linux Enterprise Module for HPC 12:libnss_slurm2_24_11-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:libpmi0_24_11-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:libslurm42-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:pdsh-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-dshgroup-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-genders-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-machines-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-netgroup-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-slurm_20_11-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-slurm_22_05-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-slurm_23_02-2.35-7.44.1 SUSE Linux Enterprise Module for HPC 12:pdsh-slurm_24_11-2.35-7.44.4 SUSE Linux Enterprise Module for HPC 12:perl-slurm_24_11-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-auth-none-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-config-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-config-man-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-cray-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-devel-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-doc-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-lua-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-munge-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-node-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-pam_slurm-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-plugins-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-slurmdbd-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-sql-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-sview-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-torque-24.11.1-3.5.3 SUSE Linux Enterprise Module for HPC 12:slurm_24_11-webdoc-24.11.1-3.5.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2025-661/suse-fu-20250661-1/ https://www.suse.com/security/cve/CVE-2024-48936.html CVE-2024-48936 https://bugzilla.suse.com/1236722 SUSE Bug 1236722