Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2024:0311-1 Important: Slurm 22_05 Moderate Risk of Security Issues

suse
Calendar Grey February 2, 2024
Dist Suse Esm H88
The recent release of slurm_22_05 targets critical security flaws and resolves vulnerabilities that impact SUSE operating environments.
* bsc#1216869 * bsc#1217711 * bsc#1218046 * bsc#1218050 * bsc#1218051

Summary

## This update for slurm_22_05 fixes the following issues: Update to slurm 22.05.11: Security fixes: * CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046) * CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050) * CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051) * CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053) Other fixes: * Add missing service file for slurmrestd (bsc#1217711). * Fix slurm upgrading to incompatible versions (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics%20covered

Topics Covered

security advisory security issue patch software SUSE Slurm HPC Module

References

* bsc#1216869

* bsc#1217711

* bsc#1218046

* bsc#1218050

* bsc#1218051

* bsc#1218053

Cross-

* CVE-2023-49933

* CVE-2023-49936

* CVE-2023-49937

* CVE-2023-49938

CVSS scores:

* CVE-2023-49933 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2023-49933 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2023-49936 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

* CVE-2023-49936 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-49937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

* CVE-2023-49937 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-49938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-49938 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:0311-1
Rating: important

Topics%20covered

Topics Covered

security advisory security issue patch software SUSE Slurm HPC Module

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here