Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 536
Alerts This Week
Warning Icon 1 536

SUSE Linux 15-SP2: SUSE-SU-2021:2295-1 Critical: Slurm Code Execution

suse
Calendar Grey July 12, 2021
Scroller Suse
SUSE has released a security update for slurm_20_11 that addresses a severe remote code execution vulnerability, along with various additional fixes.
An update that solves one vulnerability and has two fixes is now available

Summary

This update for slurm_20_11 fixes the following issues: Updated to 20.11.7 Summary of new features: * CVE-2021-31215: Fixed a remote code execution as SlurmUser (bsc#1186024). * slurmd - handle configless failures gracefully instead of hanging indefinitely. * select/cons_tres - fix Dragonfly topology not selecting nodes in the same leaf switch when it should as well as requests with *-switches option. * Fix issue where certain step requests wouldn't run if the first node in the job allocation was full and there were idle resources on other nodes in the job allocation. * Fix deadlock issue with Slurmctld. * torque/qstat - fix printf error message in output. * When adding associations or wckeys avoid checking multiple times a user or cluster name.

References

#1180700 #1185603 #1186024

Cross- CVE-2021-31215

CVSS scores:

CVE-2021-31215 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-31215 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected Products:

SUSE Linux Enterprise Module for HPC 15-SP2

SUSE Linux Enterprise High Performance Computing 15-SP2

https://www.suse.com/security/cve/CVE-2021-31215.html

https://bugzilla.suse.com/1180700

https://bugzilla.suse.com/1185603

https://bugzilla.suse.com/1186024

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2295-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.