Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

openSUSE Leap 15.0: Security Update For Slurm (CVE-2018-10995)

opensuse
Calendar Grey July 14, 2018
Dist Opensuse Esm H88
An enhancement for slurm resolves a user management concern of intermediate importance on openSUSE. Be sure to refresh your system.
An update that solves one vulnerability and has one errata is now available.

Description

This update for slurm to version 17.11.7 fixes the following issues:

This security issue was fixed:

- CVE-2018-10995: Ensure correct handling of user names and group ids

(bsc#1095508).

These non-security issues were fixed:

- CRAY - Add slurmsmwd to the contribs/cray dir

- PMIX - Added the direct connect authentication.

- Prevent the backup slurmctld from losing the active/available node

features list on takeover.

- Be able to force power_down of cloud node even if in power_save state.

- Allow cloud nodes to be recognized in Slurm when booted out of band.

- Notify srun and ctld when unkillable stepd exits.

- Fixes daemoniziation in newly introduced slurmsmwd daemon.

The following tracked packaging changes are included:

- avoid postun error in libpmi0 (bsc#1100850)

This update was imported from the SUSE:SLE-15:Update update project.

Topics%20covered

Topics Covered

security advisory software update moderate severity openSUSE patch instructions slurm user handling issue

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-729=1

Package List

- openSUSE Leap 15.0 (x86_64):

libpmi0-17.11.7-lp150.5.7.1

libpmi0-debuginfo-17.11.7-lp150.5.7.1

libslurm32-17.11.7-lp150.5.7.1

libslurm32-debuginfo-17.11.7-lp150.5.7.1

perl-slurm-17.11.7-lp150.5.7.1

perl-slurm-debuginfo-17.11.7-lp150.5.7.1

slurm-17.11.7-lp150.5.7.1

slurm-auth-none-17.11.7-lp150.5.7.1

slurm-auth-none-debuginfo-17.11.7-lp150.5.7.1

slurm-config-17.11.7-lp150.5.7.1

slurm-debuginfo-17.11.7-lp150.5.7.1

slurm-debugsource-17.11.7-lp150.5.7.1

slurm-devel-17.11.7-lp150.5.7.1

slurm-doc-17.11.7-lp150.5.7.1

slurm-lua-17.11.7-lp150.5.7.1

slurm-lua-debuginfo-17.11.7-lp150.5.7.1

slurm-munge-17.11.7-lp150.5.7.1

slurm-munge-debuginfo-17.11.7-lp150.5.7.1

slurm-node-17.11.7-lp150.5.7.1

slurm-node-debuginfo-17.11.7-lp150.5.7.1

slurm-openlava-17.11.7-lp150.5.7.1

slurm-pam_slurm-17.11.7-lp150.5.7.1

slurm-pam_slurm-debuginfo-17.11.7-lp150.5.7.1

slurm-plugins-17.11.7-lp150.5.7.1

slurm-plugins-debuginfo-17.11.7-lp150.5.7.1

slurm-seff-17.11.7-lp150.5.7.1

slurm-sjstat-17.11.7-lp150.5.7.1

slurm-slurmdbd-17.11.7-lp150.5.7.1

s...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2018-10995.html

https://bugzilla.suse.com/1095508

https://bugzilla.suse.com/1100850

--

Announcement ID: openSUSE-SU-2018:1955-1
Rating: moderate
Affected Products: openSUSE Leap 15.0 le.

Topics%20covered

Topics Covered

security advisory software update moderate severity openSUSE patch instructions slurm user handling issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here