SUSE Security Update: Security update for pdsh, slurm_20_02
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2607-1
Rating:             moderate
References:         #1007053 #1018371 #1031872 #1041706 #1065697 
                    #1084125 #1084917 #1085240 #1085606 #1086859 
                    #1088693 #1090292 #1095508 #1100850 #1103561 
                    #1108671 #1109373 #1116758 #1123304 #1140709 
                    #1153095 #1153259 #1155784 #1158696 #1159692 
                    #1161716 #1162377 #1164326 #1164386 #1172004 
                    #1173805 SLE-10800 SLE-7341 SLE-7342 SLE-8491 
                    
Cross-References:   CVE-2016-10030 CVE-2017-15566 CVE-2018-10995
                    CVE-2018-7033 CVE-2019-12838 CVE-2019-19727
                    CVE-2019-19728 CVE-2019-6438 CVE-2020-12693
                   
Affected Products:
                    SUSE Linux Enterprise Module for HPC 12
______________________________________________________________________________

   An update that solves 9 vulnerabilities, contains four
   features and has 22 fixes is now available.

Description:

   This update for pdsh, slurm_20_02 fixes the following issues:

   Changes in slurm_20_02:

   - Add support for openPMIx also for Leap/SLE 15.0/1 (bsc#1173805).
   - Do not run %check on SLE-12-SP2: Some incompatibility in tcl makes this
     fail.
   - Remove unneeded build dependency to postgresql-devel.
   - Disable build on s390 (requires 64bit).

   - Bring QA to the package build: add %%check stage.
   - Remove cruft that isn't needed any longer.
   - Add 'ghosted' run-file.
   - Add rpmlint filter to handle issues with library packages for Leap and
     enterprise upgrade versions.

   - Updated to 20.02.3 which fixes CVE-2020-12693 (bsc#1172004).
   - Other changes are:
    * Factor in ntasks-per-core=1 with cons_tres.
    * Fix formatting in error message in cons_tres.
    * Fix calling stat on a NULL variable.
    * Fix minor memory leak when using reservations with flags=first_cores.
    * Fix gpu bind issue when CPUs=Cores and ThreadsPerCore > 1 on a node.
    * Fix --mem-per-gpu for heterogeneous --gres requests.
    * Fix slurmctld load order in load_all_part_state().
    * Fix race condition not finding jobacct gather task cgroup entry.
    * Suppress error message when selecting nodes on disjoint topologies.
    * Improve performance of _pack_default_job_details() with large number of
      job arguments.
    * Fix archive loading previous to 17.11 jobs per-node req_mem.
    * Fix regression validating that --gpus-per-socket requires
      --sockets-per-node for steps. Should only validate allocation requests.
    * error() instead of fatal() when parsing an invalid hostlist.
    * nss_slurm - fix potential deadlock in slurmstepd on overloaded systems.
    * cons_tres - fix --gres-flags=enforce-binding and related
      --cpus-per-gres.
    * cons_tres - Allocate lowest numbered cores when filtering cores with
      gres.
    * Fix getting system counts for named GRES/TRES.
    * MySQL - Fix for handling typed GRES for association rollups.
    * Fix step allocations when tasks_per_core > 1.
    * Fix allocating more GRES than requested when asking for multiple GRES
      types.

   - Treat libnss_slurm like any other package: add version string to upgrade
     package.

   - Updated to 20.02.1 with the following changes:
    * Improve job state reason for jobs hitting partition_job_depth.
    * Speed up testing of singleton dependencies.
    * Fix negative loop bound in cons_tres.
    * srun - capture the MPI plugin return code from mpi_hook_client_fini()
      and use as final return code for step failure.
    * Fix segfault in cli_filter/lua.
    * Fix --gpu-bind=map_gpu reusability if tasks > elements.
    * Make sure config_flags on a gres are sent to the slurmctld on node
      registration.
    * Prolog/Epilog - Fix missing GPU information.
    * Fix segfault when using config parser for expanded lines.
    * Fix bit overlap test function.
    * Don't accrue time if job begin time is in the future.
    * Remove accrue time when updating a job start/eligible time to the
      future.
    * Fix regression in 20.02.0 that broke --depend=expand.
    * Reset begin time on job release if it's not in the future.
    * Fix for recovering burst buffers when using high-availability.
    * Fix invalid read due to freeing an incorrectly allocated env array.
    * Update slurmctld -i message to warn about losing data.
    * Fix scontrol cancel_reboot so it clears the DRAIN flag and node reason
      for a pending ASAP reboot.

   Changes in pdsh:
   - Bring QA to the package build: add %%check stage

   - Since the build for the SLE-12 HPC Module got fixed, simplify spec file
     and remove legacy workarounds.
   - Remove _multibuild file where not needed.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for HPC 12:

      zypper in -t patch SUSE-SLE-Module-HPC-12-2020-2607=1



Package List:

   - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64):

      libnss_slurm2_20_02-20.02.3-3.5.1
      libnss_slurm2_20_02-debuginfo-20.02.3-3.5.1
      libpmi0_20_02-20.02.3-3.5.1
      libpmi0_20_02-debuginfo-20.02.3-3.5.1
      libslurm35-20.02.3-3.5.1
      libslurm35-debuginfo-20.02.3-3.5.1
      pdsh-slurm_18_08-2.34-7.26.2
      pdsh-slurm_18_08-debuginfo-2.34-7.26.2
      pdsh-slurm_20_02-2.34-7.26.2
      pdsh-slurm_20_02-debuginfo-2.34-7.26.2
      perl-slurm_20_02-20.02.3-3.5.1
      perl-slurm_20_02-debuginfo-20.02.3-3.5.1
      slurm_20_02-20.02.3-3.5.1
      slurm_20_02-auth-none-20.02.3-3.5.1
      slurm_20_02-auth-none-debuginfo-20.02.3-3.5.1
      slurm_20_02-config-20.02.3-3.5.1
      slurm_20_02-config-man-20.02.3-3.5.1
      slurm_20_02-debuginfo-20.02.3-3.5.1
      slurm_20_02-debugsource-20.02.3-3.5.1
      slurm_20_02-devel-20.02.3-3.5.1
      slurm_20_02-doc-20.02.3-3.5.1
      slurm_20_02-lua-20.02.3-3.5.1
      slurm_20_02-lua-debuginfo-20.02.3-3.5.1
      slurm_20_02-munge-20.02.3-3.5.1
      slurm_20_02-munge-debuginfo-20.02.3-3.5.1
      slurm_20_02-node-20.02.3-3.5.1
      slurm_20_02-node-debuginfo-20.02.3-3.5.1
      slurm_20_02-pam_slurm-20.02.3-3.5.1
      slurm_20_02-pam_slurm-debuginfo-20.02.3-3.5.1
      slurm_20_02-plugins-20.02.3-3.5.1
      slurm_20_02-plugins-debuginfo-20.02.3-3.5.1
      slurm_20_02-slurmdbd-20.02.3-3.5.1
      slurm_20_02-slurmdbd-debuginfo-20.02.3-3.5.1
      slurm_20_02-sql-20.02.3-3.5.1
      slurm_20_02-sql-debuginfo-20.02.3-3.5.1
      slurm_20_02-sview-20.02.3-3.5.1
      slurm_20_02-sview-debuginfo-20.02.3-3.5.1
      slurm_20_02-torque-20.02.3-3.5.1
      slurm_20_02-torque-debuginfo-20.02.3-3.5.1


References:

   https://www.suse.com/security/cve/CVE-2016-10030.html
   https://www.suse.com/security/cve/CVE-2017-15566.html
   https://www.suse.com/security/cve/CVE-2018-10995.html
   https://www.suse.com/security/cve/CVE-2018-7033.html
   https://www.suse.com/security/cve/CVE-2019-12838.html
   https://www.suse.com/security/cve/CVE-2019-19727.html
   https://www.suse.com/security/cve/CVE-2019-19728.html
   https://www.suse.com/security/cve/CVE-2019-6438.html
   https://www.suse.com/security/cve/CVE-2020-12693.html
   https://bugzilla.suse.com/1007053
   https://bugzilla.suse.com/1018371
   https://bugzilla.suse.com/1031872
   https://bugzilla.suse.com/1041706
   https://bugzilla.suse.com/1065697
   https://bugzilla.suse.com/1084125
   https://bugzilla.suse.com/1084917
   https://bugzilla.suse.com/1085240
   https://bugzilla.suse.com/1085606
   https://bugzilla.suse.com/1086859
   https://bugzilla.suse.com/1088693
   https://bugzilla.suse.com/1090292
   https://bugzilla.suse.com/1095508
   https://bugzilla.suse.com/1100850
   https://bugzilla.suse.com/1103561
   https://bugzilla.suse.com/1108671
   https://bugzilla.suse.com/1109373
   https://bugzilla.suse.com/1116758
   https://bugzilla.suse.com/1123304
   https://bugzilla.suse.com/1140709
   https://bugzilla.suse.com/1153095
   https://bugzilla.suse.com/1153259
   https://bugzilla.suse.com/1155784
   https://bugzilla.suse.com/1158696
   https://bugzilla.suse.com/1159692
   https://bugzilla.suse.com/1161716
   https://bugzilla.suse.com/1162377
   https://bugzilla.suse.com/1164326
   https://bugzilla.suse.com/1164386
   https://bugzilla.suse.com/1172004
   https://bugzilla.suse.com/1173805

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
https://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:2607-1 moderate: pdsh, slurm_20_02

September 11, 2020