SUSE: 2021:0773-1 Important: Slurm And PDSH Buffer Overflow Fix

March 12, 2021
A security patch for slurm_20_11 and pdsh has resolved 11 vulnerabilities, enhancing overall stability in SUSE environments.
An update that fixes 11 vulnerabilities and contains one feature is now available.

Summary

This update for pdsh fixes the following issues:

- Preparing pdsh for Slurm 20.11 (jsc#ECO-2412)
- Simplify convoluted condition.

This update for slurm fixes the following issues:

- Fix potential buffer overflows from use of unpackmem(). CVE-2020-27745 (bsc#1178890)
- Fix potential leak of the magic cookie when sent as an argument to the xauth command. CVE-2020-27746 (bsc#1178891)
- Add support for openPMIx also for Leap/SLE 15.0/1 (bsc#1173805).
- Updated to 20.02.3 which fixes CVE-2020-12693 (bsc#1172004).
- slurm-plugins will now also require pmix not only libpmix (bsc#1164326)
- Removed autopatch as it doesn't work for the SLE-11-SP4 build.
- Disable %arm builds as this is no longer supported.
- pmix searches now also for libpmix.so.2 so that there is no dependency for devel package (bsc#1164386)

References

#1018371 #1065697 #1085240 #1095508 #1123304 #1140709 #1155784 #1159692 #1172004 #1178890 #1178891 ECO-2412

Cross-References: CVE-2016-10030 CVE-2017-15566 CVE-2018-10995 CVE-2018-7033 CVE-2019-12838 CVE-2019-19727 CVE-2019-19728 CVE-2019-6438 CVE-2020-12693 CVE-2020-27745 CVE-2020-27746

CVSS scores:

CVE-2016-10030 (NVD) : 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2017-15566 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2018-10995 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2018-10995 (SUSE): 5.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVE-2018-7033 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-7033 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Severity: important

Announcement ID: SUSE-SU-2021:0773-1
Rating: important
