# Security update for python-urllib3

Announcement ID: SUSE-SU-2023:4157-1
Rating: moderate
References:
* bsc#1215968
Cross-References:
* CVE-2023-43804
CVSS scores:
* CVE-2023-43804 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-43804 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* HPE Helion OpenStack 8
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise Server 12 SP3
* SUSE OpenStack Cloud 8
* SUSE OpenStack Cloud Crowbar 8

An update that solves one vulnerability can now be installed.

## Description:

This update for python-urllib3 fixes the following issues:

* CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud 8
  zypper in -t patch SUSE-OpenStack-Cloud-8-2023-4157=1
* SUSE OpenStack Cloud Crowbar 8
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-4157=1
* HPE Helion OpenStack 8
  zypper in -t patch HPE-Helion-OpenStack-8-2023-4157=1

## Package List:

* SUSE OpenStack Cloud 8 (noarch)
  * python-urllib3-1.25.10-5.22.1
* SUSE OpenStack Cloud Crowbar 8 (noarch)
  * python-urllib3-1.25.10-5.22.1
* HPE Helion OpenStack 8 (noarch)
  * python-urllib3-1.25.10-5.22.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43804.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215968

Important revision for python-urllib3 tackling security flaws linked to cookie leakage in SUSE platforms, notably affecting OpenStack deployments.

Severity: Important. LinuxSecurity.com Team
# Security update for python-urllib3

Announcement ID: SUSE-SU-2023:4108-1
Rating: moderate
References:
* bsc#1215968
Cross-References:
* CVE-2023-43804
CVSS scores:
* CVE-2023-43804 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-43804 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-urllib3 fixes the following issues:

* CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4108=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4108=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4108=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4108=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4108=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4108=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4108=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4108=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4108=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4108=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4108=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4108=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4108=1

## Package List:

* SUSE Manager Retail Branch Server 4.2 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Manager Server 4.2 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* Basesystem Module 15-SP4 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* Basesystem Module 15-SP5 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Manager Proxy 4.2 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43804.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215968
# Security update for python-urllib3

Announcement ID: SUSE-SU-2023:4064-1
Rating: moderate
References:
* bsc#1215968
Cross-References:
* CVE-2023-43804
CVSS scores:
* CVE-2023-43804 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-43804 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* Public Cloud Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-urllib3 fixes the following issues:

* CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4064=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4064=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4064=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4064=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4064=1
* Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-4064=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
  * python3-urllib3-1.25.10-3.34.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * python3-urllib3-1.25.10-3.34.1
  * python-urllib3-1.25.10-3.34.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * python3-urllib3-1.25.10-3.34.1
  * python-urllib3-1.25.10-3.34.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * python3-urllib3-1.25.10-3.34.1
  * python-urllib3-1.25.10-3.34.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch)
  * python3-urllib3-1.25.10-3.34.1
* Public Cloud Module 12 (noarch)
  * python3-urllib3-1.25.10-3.34.1
  * python-urllib3-1.25.10-3.34.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43804.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215968
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-1f11546a48
2023-08-25 01:28:31.289775
--------------------------------------------------------------------------------

Name        : youtube-dl
Product     : Fedora 38
Version     : 2023.08.04.git86e3cf5
Release     : 1.20230815git86e3cf5.fc38
URL         : https://github.com/ytdl-org/youtube-dl
Summary     : A small command-line program to download online videos
Description : Small command-line program to download videos from YouTube and other sites.
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream git snapshot. Various changes, including bug fix for cookie leak vulnerability.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 15 2023 David Bold - 2023.08.04.git286e3cf-1.20230815git286e3cf
- Update to latest git snapshot
* Tue Aug 1 2023 David Bold - 2023.07.30.git2efc8de-1.20230801git2efc8de
- Update to latest git snapshot
- Adjust for building from snapshot
* Sat Jul 22 2023 Fedora Release Engineering - 2021.12.17-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint - 2021.12.17-6
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2203137 - Please pull in additional patches from upstream
        https://bugzilla.redhat.com/show_bug.cgi?id=2203137
  [ 2 ] Bug #2203543 - Add dependency on ffmpeg-free or ffmpeg?
        https://bugzilla.redhat.com/show_bug.cgi?id=2203543
  [ 3 ] Bug #2221073 - CVE-2023-35934 youtube-dl: yt-dlp: cookie leak vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2221073
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-1f11546a48' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-5435c10480
2023-08-25 00:42:10.290409
--------------------------------------------------------------------------------

Name        : youtube-dl
Product     : Fedora 37
Version     : 2023.07.30.git2efc8de
Release     : 1.20230815git2efc8de.fc37
URL         : https://github.com/ytdl-org/youtube-dl
Summary     : A small command-line program to download online videos
Description : Small command-line program to download videos from YouTube and other sites.
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream git snapshot. Various changes, including bug fix for cookie leak vulnerability.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 1 2023 David Bold - 2023.07.30.git2efc8de-1.20230801git2efc8de
- Update to latest git snapshot
- Adjust for building from snapshot
* Sat Jul 22 2023 Fedora Release Engineering - 2021.12.17-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint - 2021.12.17-6
- Rebuilt for Python 3.12
* Sat Jan 21 2023 Fedora Release Engineering - 2021.12.17-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2203137 - Please pull in additional patches from upstream
        https://bugzilla.redhat.com/show_bug.cgi?id=2203137
  [ 2 ] Bug #2203543 - Add dependency on ffmpeg-free or ffmpeg?
        https://bugzilla.redhat.com/show_bug.cgi?id=2203543
  [ 3 ] Bug #2221073 - CVE-2023-35934 youtube-dl: yt-dlp: cookie leak vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2221073
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-5435c10480' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
openSUSE Security Update: Security update for slurm_18_08
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0096-1
Rating:             important
References:         #1178890 #1178891
Cross-References:   CVE-2020-27745 CVE-2020-27746
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for slurm_18_08 fixes the following issues:

Security issues fixed:

- CVE-2020-27745: Fixed a potential buffer overflow from use of unpackmem (bsc#1178890).
- CVE-2020-27746: Fixed a potential leak of the magic cookie when sent as an argument to the xauth command (bsc#1178891).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:
  zypper in -t patch openSUSE-2021-96=1

Package List:

- openSUSE Leap 15.2 (x86_64):
  libpmi0-18.08.9-lp152.5.1
  libpmi0-debuginfo-18.08.9-lp152.5.1
  libslurm33-18.08.9-lp152.5.1
  libslurm33-debuginfo-18.08.9-lp152.5.1
  perl-slurm-18.08.9-lp152.5.1
  perl-slurm-debuginfo-18.08.9-lp152.5.1
  slurm-18.08.9-lp152.5.1
  slurm-auth-none-18.08.9-lp152.5.1
  slurm-auth-none-debuginfo-18.08.9-lp152.5.1
  slurm-config-18.08.9-lp152.5.1
  slurm-config-man-18.08.9-lp152.5.1
  slurm-cray-18.08.9-lp152.5.1
  slurm-cray-debuginfo-18.08.9-lp152.5.1
  slurm-debuginfo-18.08.9-lp152.5.1
  slurm-debugsource-18.08.9-lp152.5.1
  slurm-devel-18.08.9-lp152.5.1
  slurm-doc-18.08.9-lp152.5.1
  slurm-hdf5-18.08.9-lp152.5.1
  slurm-hdf5-debuginfo-18.08.9-lp152.5.1
  slurm-lua-18.08.9-lp152.5.1
  slurm-lua-debuginfo-18.08.9-lp152.5.1
  slurm-munge-18.08.9-lp152.5.1
  slurm-munge-debuginfo-18.08.9-lp152.5.1
  slurm-node-18.08.9-lp152.5.1
  slurm-node-debuginfo-18.08.9-lp152.5.1
  slurm-openlava-18.08.9-lp152.5.1
  slurm-pam_slurm-18.08.9-lp152.5.1
  slurm-pam_slurm-debuginfo-18.08.9-lp152.5.1
  slurm-plugins-18.08.9-lp152.5.1
  slurm-plugins-debuginfo-18.08.9-lp152.5.1
  slurm-seff-18.08.9-lp152.5.1
  slurm-sjstat-18.08.9-lp152.5.1
  slurm-slurmdbd-18.08.9-lp152.5.1
  slurm-slurmdbd-debuginfo-18.08.9-lp152.5.1
  slurm-sql-18.08.9-lp152.5.1
  slurm-sql-debuginfo-18.08.9-lp152.5.1
  slurm-sview-18.08.9-lp152.5.1
  slurm-sview-debuginfo-18.08.9-lp152.5.1
  slurm-torque-18.08.9-lp152.5.1
  slurm-torque-debuginfo-18.08.9-lp152.5.1
  slurm-webdoc-18.08.9-lp152.5.1

References:

https://www.suse.com/security/cve/CVE-2020-27745.html
https://www.suse.com/security/cve/CVE-2020-27746.html
https://bugzilla.suse.com/1178890
https://bugzilla.suse.com/1178891
SUSE Security Update: Security update for slurm_20_02
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3892-1
Rating:             important
References:         #1178890 #1178891
Cross-References:   CVE-2020-27745 CVE-2020-27746
Affected Products:
                    SUSE Linux Enterprise Module for HPC 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for slurm_20_02 fixes the following issues:

Security issues fixed:

- CVE-2020-27745: Fixed a potential buffer overflow from use of unpackmem (bsc#1178890).
- CVE-2020-27746: Fixed a potential leak of the magic cookie when sent as an argument to the xauth command (bsc#1178891).

Non-security issues fixed:

- Updated to 20.02.6. Full log and details available at:
  * https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html
- Updated to 20.02.5, changes:
  * Fix leak of TRESRunMins when job time is changed with --time-min
  * pam_slurm - explicitly initialize slurm config to support configless mode.
  * scontrol - Fix exit code when creating/updating reservations with wrong Flags.
  * When a GRES has a no_consume flag, report 0 for allocated.
  * Fix cgroup cleanup by jobacct_gather/cgroup.
  * When creating reservations/jobs don't allow counts on a feature unless using an XOR.
  * Improve number of boards discovery
  * Fix updating a reservation NodeCnt on a zero-count reservation.
  * slurmrestd - provide an explicit error message when PSK auth fails.
  * cons_tres - fix job requesting single gres per-node getting two or more nodes with less CPUs than requested per-task.
  * cons_tres - fix calculation of cores when using gres and cpus-per-task.
  * cons_tres - fix job not getting access to socket without GPU or with less than --gpus-per-socket when not enough cpus available on required socket and not using --gres-flags=enforce binding.
  * Fix HDF5 type version build error.
  * Fix creation of CoreCnt only reservations when the first node isn't available.
  * Fix wrong DBD Agent queue size in sdiag when using accounting_storage/none.
  * Improve job constraints XOR option logic.
  * Fix preemption of hetjobs when needed nodes not in leader component.
  * Fix wrong bit_or() messing potential preemptor jobs node bitmap, causing bad node deallocations and even allocation of nodes from other partitions.
  * Fix double-deallocation of preempted non-leader hetjob components.
  * slurmdbd - prevent truncation of the step nodelists over 4095.
  * Fix nodes remaining in drain state after rebooting with ASAP option.
- changes from 20.02.4:
  * srun - suppress job step creation warning message when waiting on PrologSlurmctld.
  * slurmrestd - fix incorrect return values in data_list_for_each() functions.
  * mpi/pmix - fix issue where HetJobs could fail to launch.
  * slurmrestd - set content-type header in responses.
  * Fix cons_res GRES overallocation for --gres-flags=disable-binding.
  * Fix cons_res incorrectly filtering cores with respect to GRES locality for --gres-flags=disable-binding requests.
  * Fix regression where a dependency on multiple jobs in a single array using underscores would only add the first job.
  * slurmrestd - fix corrupted output due to incorrect use of memcpy().
  * slurmrestd - address a number of minor Coverity warnings.
  * Handle retry failure when slurmstepd is communicating with srun correctly.
  * Fix jobacct_gather possibly duplicate stats when _is_a_lwp error shows up.
  * Fix tasks binding to GRES which are closest to the allocated CPUs.
  * Fix AMD GPU ROCM 3.5 support.
  * Fix handling of job arrays in sacct when querying specific steps.
  * slurmrestd - avoid fallback to local socket authentication if JWT authentication is ill-formed.
  * slurmrestd - restrict ability of requests to use different authentication plugins.
  * slurmrestd - unlink named unix sockets before closing.
  * slurmrestd - fix invalid formatting in openapi.json.
  * Fix batch jobs stuck in CF state on FrontEnd mode.
  * Add a separate explicit error message when rejecting changes to active node features.
  * cons_common/job_test - fix slurmctld SIGABRT due to double-free.
  * Fix updating reservations to set the duration correctly if updating the start time.
  * Fix update reservation to promiscuous mode.
  * Fix override of job tasks count to max when ntasks-per-node present.
  * Fix min CPUs per node not being at least CPUs per task requested.
  * Fix CPUs allocated to match CPUs requested when requesting GRES and threads per core equal to one.
  * Fix NodeName config parsing with Boards and without CPUs.
  * Ensure SLURM_JOB_USER and SLURM_JOB_UID are set in SrunProlog/Epilog.
  * Fix error messages for certain invalid salloc/sbatch/srun options.
  * pmi2 - clean up sockets at step termination.
  * Fix 'scontrol hold' to work with 'JobName'.
  * sbatch - handle --uid/--gid in #SBATCH directives properly.
  * Fix race condition in job termination on slurmd.
  * Print specific error messages if trying to use certain priority/multifactor factors that cannot work without SlurmDBD.
  * Avoid partial GRES allocation when --gpus-per-job is not satisfied.
  * Cray - Avoid referencing a variable outside of its correct scope when dealing with creating steps within a het job.
  * slurmrestd - correctly handle larger addresses from accept().
  * Avoid freeing wrong pointer with SlurmctldParameters=max_dbd_msg_action with another option after that.
  * Restore MCS label when suspended job is resumed.
  * Fix insufficient lock levels.
  * slurmrestd - use errno from job submission.
  * Fix "user" filter for sacctmgr show transactions.
  * Fix preemption logic.
  * Fix no_consume GRES for exclusive (whole node) requests.
  * Fix regression in 20.02 that caused an infinite loop in slurmctld when requesting --distribution=plane for the job.
  * Fix parsing of the --distribution option.
  * Add CONF READ_LOCK to _handle_fed_send_job_sync.
  * prep/script - always call slurmctld PrEp callback in _run_script().
  * Fix node estimation for jobs that use GPUs or --cpus-per-task.
  * Fix jobcomp, job_submit and cli_filter Lua implementation plugins causing slurmctld and/or job submission CLI tools segfaults due to bad return handling when the respective Lua script failed to load.
  * Fix propagation of gpu options through hetjob components.
  * Add SLURM_CLUSTERS environment variable to scancel.
  * Fix packing/unpacking of "unlinked" jobs.
  * Connect slurmstepd's stderr to srun for steps launched with --pty.
  * Handle MPS correctly when doing exclusive allocations.
  * slurmrestd - fix compiling against libhttpparser in a non-default path.
  * slurmrestd - avoid compilation issues with libhttpparser < 2.6.
  * Fix compile issues when compiling slurmrestd without --enable-debug.
  * Reset idle time on a reservation that is getting purged.
  * Fix reoccurring reservations that have Purge_comp= to keep correct duration if they are purged.
  * scontrol - changed the "PROMISCUOUS" flag to "MAGNETIC"
  * Early return from epilog_set_env in case of no_consume.
  * Fix cons_common/job_test start time discovery logic to prevent skewed results between "will run test" executions.
  * Ensure TRESRunMins limits are maintained during "scontrol reconfigure".
  * Improve error message when host lookup fails.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for HPC 12:
  zypper in -t patch SUSE-SLE-Module-HPC-12-2020-3892=1

Package List:

- SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64):
  libnss_slurm2_20_02-20.02.6-3.8.1
  libnss_slurm2_20_02-debuginfo-20.02.6-3.8.1
  libpmi0_20_02-20.02.6-3.8.1
  libpmi0_20_02-debuginfo-20.02.6-3.8.1
  libslurm35-20.02.6-3.8.1
  libslurm35-debuginfo-20.02.6-3.8.1
  perl-slurm_20_02-20.02.6-3.8.1
  perl-slurm_20_02-debuginfo-20.02.6-3.8.1
  slurm_20_02-20.02.6-3.8.1
  slurm_20_02-auth-none-20.02.6-3.8.1
  slurm_20_02-auth-none-debuginfo-20.02.6-3.8.1
  slurm_20_02-config-20.02.6-3.8.1
  slurm_20_02-config-man-20.02.6-3.8.1
  slurm_20_02-debuginfo-20.02.6-3.8.1
  slurm_20_02-debugsource-20.02.6-3.8.1
  slurm_20_02-devel-20.02.6-3.8.1
  slurm_20_02-doc-20.02.6-3.8.1
  slurm_20_02-lua-20.02.6-3.8.1
  slurm_20_02-lua-debuginfo-20.02.6-3.8.1
  slurm_20_02-munge-20.02.6-3.8.1
  slurm_20_02-munge-debuginfo-20.02.6-3.8.1
  slurm_20_02-node-20.02.6-3.8.1
  slurm_20_02-node-debuginfo-20.02.6-3.8.1
  slurm_20_02-pam_slurm-20.02.6-3.8.1
  slurm_20_02-pam_slurm-debuginfo-20.02.6-3.8.1
  slurm_20_02-plugins-20.02.6-3.8.1
  slurm_20_02-plugins-debuginfo-20.02.6-3.8.1
  slurm_20_02-slurmdbd-20.02.6-3.8.1
  slurm_20_02-slurmdbd-debuginfo-20.02.6-3.8.1
  slurm_20_02-sql-20.02.6-3.8.1
  slurm_20_02-sql-debuginfo-20.02.6-3.8.1
  slurm_20_02-sview-20.02.6-3.8.1
  slurm_20_02-sview-debuginfo-20.02.6-3.8.1
  slurm_20_02-torque-20.02.6-3.8.1
  slurm_20_02-torque-debuginfo-20.02.6-3.8.1

References:

https://www.suse.com/security/cve/CVE-2020-27745.html
https://www.suse.com/security/cve/CVE-2020-27746.html
https://bugzilla.suse.com/1178890
https://bugzilla.suse.com/1178891
openSUSE Security Update: Security update for slurm_18_08
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:2286-1
Rating:             important
References:         #1178890 #1178891
Cross-References:   CVE-2020-27745 CVE-2020-27746
Affected Products:
                    openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for slurm_18_08 fixes the following issues:

Security issues fixed:

- CVE-2020-27745: Fixed a potential buffer overflow from use of unpackmem (bsc#1178890).
- CVE-2020-27746: Fixed a potential leak of the magic cookie when sent as an argument to the xauth command (bsc#1178891).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:
  zypper in -t patch openSUSE-2020-2286=1

Package List:

- openSUSE Leap 15.1 (x86_64):
  libpmi0-18.08.9-lp151.6.1
  libpmi0-debuginfo-18.08.9-lp151.6.1
  libslurm33-18.08.9-lp151.6.1
  libslurm33-debuginfo-18.08.9-lp151.6.1
  perl-slurm-18.08.9-lp151.6.1
  perl-slurm-debuginfo-18.08.9-lp151.6.1
  slurm-18.08.9-lp151.6.1
  slurm-auth-none-18.08.9-lp151.6.1
  slurm-auth-none-debuginfo-18.08.9-lp151.6.1
  slurm-config-18.08.9-lp151.6.1
  slurm-config-man-18.08.9-lp151.6.1
  slurm-cray-18.08.9-lp151.6.1
  slurm-cray-debuginfo-18.08.9-lp151.6.1
  slurm-debuginfo-18.08.9-lp151.6.1
  slurm-debugsource-18.08.9-lp151.6.1
  slurm-devel-18.08.9-lp151.6.1
  slurm-doc-18.08.9-lp151.6.1
  slurm-hdf5-18.08.9-lp151.6.1
  slurm-hdf5-debuginfo-18.08.9-lp151.6.1
  slurm-lua-18.08.9-lp151.6.1
  slurm-lua-debuginfo-18.08.9-lp151.6.1
  slurm-munge-18.08.9-lp151.6.1
  slurm-munge-debuginfo-18.08.9-lp151.6.1
  slurm-node-18.08.9-lp151.6.1
  slurm-node-debuginfo-18.08.9-lp151.6.1
  slurm-openlava-18.08.9-lp151.6.1
  slurm-pam_slurm-18.08.9-lp151.6.1
  slurm-pam_slurm-debuginfo-18.08.9-lp151.6.1
  slurm-plugins-18.08.9-lp151.6.1
  slurm-plugins-debuginfo-18.08.9-lp151.6.1
  slurm-seff-18.08.9-lp151.6.1
  slurm-sjstat-18.08.9-lp151.6.1
  slurm-slurmdbd-18.08.9-lp151.6.1
  slurm-slurmdbd-debuginfo-18.08.9-lp151.6.1
  slurm-sql-18.08.9-lp151.6.1
  slurm-sql-debuginfo-18.08.9-lp151.6.1
  slurm-sview-18.08.9-lp151.6.1
  slurm-sview-debuginfo-18.08.9-lp151.6.1
  slurm-torque-18.08.9-lp151.6.1
  slurm-torque-debuginfo-18.08.9-lp151.6.1
  slurm-webdoc-18.08.9-lp151.6.1

References:

https://www.suse.com/security/cve/CVE-2020-27745.html
https://www.suse.com/security/cve/CVE-2020-27746.html
https://bugzilla.suse.com/1178890
https://bugzilla.suse.com/1178891