Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 443
Alerts This Week
Warning Icon 1 443

SUSE: 2021:2473-1 Important: Slurm Remote Code Execution Patch

suse
Calendar Grey July 27, 2021
Dist Suse Esm H88
SUSE enhances slurm to address a severe security vulnerability, boosting reliability and efficiency throughout its offerings.
An update that solves one vulnerability and has one errata is now available

Summary

This update for slurm fixes the following issues: Updated to 20.11.7 Summary of new features: * CVE-2021-31215: Fixed a remote code execution as SlurmUser (bsc#1186024). * slurmd - handle configless failures gracefully instead of hanging indefinitely. * select/cons_tres - fix Dragonfly topology not selecting nodes in the same leaf switch when it should as well as requests with *-switches option. * Fix issue where certain step requests wouldn't run if the first node in the job allocation was full and there were idle resources on other nodes in the job allocation. * Fix deadlock issue with Slurmctld. * torque/qstat - fix printf error message in output. * When adding associations or wckeys avoid checking multiple times a user or cluster name.

References

#1180700 #1186024

Cross- CVE-2021-31215

CVSS scores:

CVE-2021-31215 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-31215 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected Products:

SUSE Linux Enterprise Module for HPC 15-SP3

https://www.suse.com/security/cve/CVE-2021-31215.html

https://bugzilla.suse.com/1180700

https://bugzilla.suse.com/1186024

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2473-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.