Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

openSUSE: 2020:2056-1 Important: Slurm Buffer Overflow and Leak

opensuse
Calendar Grey November 26, 2020
Dist Opensuse Esm H88
Urgent announcement for SLE points out two major vulnerabilities tied to slurm. Ensure your system's safety by applying the newest update.
An update that solves two vulnerabilities and has one errata is now available.

Description

This update for slurm fixes the following issues:

- Updated to 20.02.6:

* CVE-2020-27745: PMIx - fix potential buffer overflows from use of

unpackmem() (bsc#1178890).

* CVE-2020-27746: X11 forwarding - fix potential leak of the magic

cookie when sent as an argument to the xauth command (bsc#1178891).

* Added support for openPMIx (bsc#1173805).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Topics%20covered

Topics Covered

security advisory update buffer overflow important openSUSE leak slurm

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-2056=1

Package List

- openSUSE Leap 15.2 (x86_64):

libnss_slurm2-20.02.6-lp152.2.3.1

libnss_slurm2-debuginfo-20.02.6-lp152.2.3.1

libpmi0-20.02.6-lp152.2.3.1

libpmi0-debuginfo-20.02.6-lp152.2.3.1

libslurm35-20.02.6-lp152.2.3.1

libslurm35-debuginfo-20.02.6-lp152.2.3.1

perl-slurm-20.02.6-lp152.2.3.1

perl-slurm-debuginfo-20.02.6-lp152.2.3.1

slurm-20.02.6-lp152.2.3.1

slurm-auth-none-20.02.6-lp152.2.3.1

slurm-auth-none-debuginfo-20.02.6-lp152.2.3.1

slurm-config-20.02.6-lp152.2.3.1

slurm-config-man-20.02.6-lp152.2.3.1

slurm-cray-20.02.6-lp152.2.3.1

slurm-cray-debuginfo-20.02.6-lp152.2.3.1

slurm-debuginfo-20.02.6-lp152.2.3.1

slurm-debugsource-20.02.6-lp152.2.3.1

slurm-devel-20.02.6-lp152.2.3.1

slurm-doc-20.02.6-lp152.2.3.1

slurm-hdf5-20.02.6-lp152.2.3.1

slurm-hdf5-debuginfo-20.02.6-lp152.2.3.1

slurm-lua-20.02.6-lp152.2.3.1

slurm-lua-debuginfo-20.02.6-lp152.2.3.1

slurm-munge-20.02.6-lp152.2.3.1

slurm-munge-debuginfo-20.02.6-lp152.2.3.1

slurm-node-20.02.6-lp152.2.3.1

slurm-node-debuginfo-20.02.6-lp152.2.3.1

slurm-openlava-20.02.6-lp152.2.3.1

s...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2020-27745.html

https://www.suse.com/security/cve/CVE-2020-27746.html

https://bugzilla.suse.com/1173805

https://bugzilla.suse.com/1178890

https://bugzilla.suse.com/1178891

openSUSE Security Announce mailing list -- security-announce@lists.opensuse.org

To unsubscribe, email security-announce-leave@lists.opensuse.org

List Netiquette:

List Archives:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:2056-1
Rating: important
Affected Products: openSUSE Leap 15.2 e.

Topics%20covered

Topics Covered

security advisory update buffer overflow important openSUSE leak slurm

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here