Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
100
security advisoryimportant updatesuse linuxSUSE: 2025:01757-1 important: slurm_24_11 permission issue
* bsc#1243666 Cross-References: * CVE-2025-43904 . # Security update for slurm_24_11 Announcement ID: SUSE-SU-2025:01757-1 Release Date: 2025-05-29T14:47:58Z Rating: important References: * bsc#1243666 Cross-References: * CVE-2025-43904 CVSS scores: * CVE-2025-43904 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43904 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * HPC Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for slurm_24_11 fixes the following issues: Update to version 24.11.5. Security issues fixed: * CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator (bsc#1243666). Other changes and issues fixed: * Changes from version 24.11.5 * Return error to `scontrol` reboot on bad nodelists. * `slurmrestd` \- Report an error when QOS resolution fails for v0.0.40 endpoints. * `slurmrestd` \- Report an error when QOS resolution fails for v0.0.41 endpoints. * `slurmrestd` \- Report an error when QOS resolution fails for v0.0.42 endpoints. * `data_parser/v0.0.42` \- Added `+inline_enums` flag which modifies the output when generating OpenAPI specification. It causesenum arrays to not be defined in their own schema with references (`$ref`) to them. Instead they will be dumped inline. * Fix binding error with `tres-bind map/mask` on partial node allocations. * Fix `stepmgr` enabled steps being able to request features. * Reject step creation if requested feature is not available in job. * `slurmd` \- Restrict listening for new incoming RPC requests further into startup. * `slurmd` \- Avoid `auth/slurm` related hangs of CLI commands during startup and shutdown. * `slurmctld` \- Restrict processing new incoming RPC requests further into startup. Stop processing requests sooner during shutdown. * `slurmcltd` \- Avoid auth/slurm related hangs of CLI commands during startup and shutdown. * `slurmctld` \- Avoid race condition during shutdown or ereconfigure that could result in a crash due delayed processing of a connection while plugins are unloaded. * Fix small memleak when getting the job list from the database. * Fix incorrect printing of `%` escape characters when printing stdio fields for jobs. * Fix padding parsing when printing stdio fields for jobs. * Fix printing `%A` array job id when expanding patterns. * Fix reservations causing jobs to be held for `Bad Constraints`. * `switch/hpe_slingshot` \- Prevent potential segfault on failed curl request to the fabric manager. * Fix printing incorrect array job id when expanding stdio file names. The `%A` will now be substituted by the correct value. * Fix printing incorrect array job id when expanding stdio file names. The `%A` will now be substituted by the correct value. * `switch/hpe_slingshot` \- Fix VNI range not updating on slurmctld restart or reconfigre. * Fix steps not being created when using certain combinations of `-c` and `-n` inferior to the jobs requested resources, when using stepmgr and nodes are configured with `CPUs == Sockets*CoresPerSocket`. * Permit configuring the number of retry attempts to destroy CXIservice via the new destroy_retries `SwitchParameter`. * Do not reset `memory.high` and `memory.swap.max` in slurmd startup or reconfigure as we are never really touching this in `slurmd`. * Fix reconfigure failure of slurmd when it has been started manually and the `CoreSpecLimits` have been removed from `slurm.conf`. * Set or reset CoreSpec limits when slurmd is reconfigured and it was started with systemd. * `switch/hpe-slingshot` \- Make sure the slurmctld can free step VNIs after the controller restarts or reconfigures while the job is running. * Fix backup `slurmctld` failure on 2nd takeover. * Changes from version 24.11.4 * `slurmctld`,`slurmrestd` \- Avoid possible race condition that could have caused process to crash when listener socket was closed while accepting a new connection. * `slurmrestd` \- Avoid race condition that could have resulted in address logged for a UNIX socket to be incorrect. * `slurmrestd` \- Fix parameters in OpenAPI specification for the following endpoints to have `job_id` field: `GET /slurm/v0.0.40/jobs/state/ GET /slurm/v0.0.41/jobs/state/ GET /slurm/v0.0.42/jobs/state/ GET /slurm/v0.0.43/jobs/state/` * `slurmd` \- Fix tracking of thread counts that could cause incoming connections to be ignored after burst of simultaneous incoming connections that trigger delayed response logic. * Avoid unnecessary `SRUN_TIMEOUT` forwarding to `stepmgr`. * Fix jobs being scheduled on higher weighted powered down nodes. * Fix how backfill scheduler filters nodes from the available nodes based on exclusive user and `mcs_label` requirements. * `acct_gather_energy/{gpu,ipmi}` \- Fix potential energy consumption adjustment calculation underflow. * `acct_gather_energy/ipmi` \- Fix regression introduced in 24.05.5 (which introduced the new way of preserving energy measurements through slurmd restarts) when `EnergyIPMICalcAdjustment=yes`. * Prevent `slurmctld` deadlock in the assoc mgr. * Fixmemory leak when `RestrictedCoresPerGPU` is enabled. * Fix preemptor jobs not entering execution due to wrong calculation of accounting policy limits. * Fix certain job requests that were incorrectly denied with node configuration unavailable error. * `slurmd` \- Avoid crash due when slurmd has a communications failure with `slurmstepd`. * Fix memory leak when parsing yaml input. * Prevent `slurmctld` from showing error message about `PreemptMode=GANG` being a cluster-wide option for `scontrol update part` calls that don't attempt to modify partition PreemptMode. * Fix setting `GANG` preemption on partition when updating `PreemptMode` with `scontrol`. * Fix `CoreSpec` and `MemSpec` limits not being removed from previously configured slurmd. * Avoid race condition that could lead to a deadlock when `slurmd`, `slurmstepd`, `slurmctld`, `slurmrestd` or `sackd` have a fatal event. * Fix jobs using `--ntasks-per-node` and `--mem` keep pending forever when the requested mem divided by the number of CPUs will surpass the configured `MaxMemPerCPU`. * `slurmd` \- Fix address logged upon new incoming RPC connection from `INVALID` to IP address. * Fix memory leak when retrieving reservations. This affects `scontrol`, `sinfo`, `sview`, and the following `slurmrestd` endpoints: `GET /slurm/{any_data_parser}/reservation/{reservation_name}` `GET /slurm/{any_data_parser}/reservations` * Log warning instead of `debuflags=conmgr` gated log when deferring new incoming connections when number of active connections exceed `conmgr_max_connections`. * Avoid race condition that could result in worker thread pool not activating all threads at once after a reconfigure resulting in lower utilization of available CPU threads until enough internal activity wakes up all threads in the worker pool. * Avoid theoretical race condition that could result in new incoming RPC socket connections being ignored after reconfigure. * slurmd -Avoid race condition that could result in a state where new incoming RPC connections will always be ignored. * Add ReconfigFlags=KeepNodeStateFuture to restore saved `FUTURE` node state on restart and reconfig instead of reverting to `FUTURE` state. This will be made the default in 25.05. * Fix case where hetjob submit would cause `slurmctld` to crash. * Fix jobs using `--cpus-per-gpu` and `--mem` keep pending forever when the requested mem divided by the number of CPUs will surpass the configured `MaxMemPerCPU`. * Enforce that jobs using `--mem` and several `--*-per-*` options do not violate the `MaxMemPerCPU` in place. * `slurmctld` \- Fix use-cases of jobs incorrectly pending held when `--prefer` features are not initially satisfied. * `slurmctld` \- Fix jobs incorrectly held when `--prefer` not satisfied in some use-cases. * Ensure `RestrictedCoresPerGPU` and `CoreSpecCount` don't overlap. * Changes from version 24.11.3 * Fix database cluster ID generation not being random. * Fix a regression in which `slurmd -G` gave no output. * Fix a long-standing crash in `slurmctld` after updating a reservation with an empty nodelist. The crash could occur after restarting slurmctld, or if downing/draining a node in the reservation with the `REPLACE` or `REPLACE_DOWN` flag. * Avoid changing process name to "`watch`" from original daemon name. This could potentially breaking some monitoring scripts. * Avoid `slurmctld` being killed by `SIGALRM` due to race condition at startup. * Fix race condition in slurmrestd that resulted in "`Requested data_parser plugin does not support OpenAPI plugin`" error being returned for valid endpoints. * Fix race between `task/cgroup` CPUset and `jobacctgather/cgroup`. The first was removing the pid from `task_X` cgroup directory causing memory limits to not being applied. * If multiple partitions are requested, set the `SLURM_JOB_PARTITION` output environment variable to thepartition in which the job is running for `salloc` and `srun` in order to match the documentation and the behavior of `sbatch`. * `srun` \- Fixed wrongly constructed `SLURM_CPU_BIND` env variable that could get propagated to downward srun calls in certain mpi environments, causing launch failures. * Don't print misleading errors for stepmgr enabled steps. * `slurmrestd` \- Avoid connection to slurmdbd for the following endpoints: `GET /slurm/v0.0.41/jobs GET /slurm/v0.0.41/job/{job_id}` * `slurmrestd` \- Avoid connection to slurmdbd for the following endpoints: `GET /slurm/v0.0.40/jobs GET /slurm/v0.0.40/job/{job_id}` * `slurmrestd` \- Fix possible memory leak when parsing arrays with `data_parser/v0.0.40`. * `slurmrestd` \- Fix possible memory leak when parsing arrays with `data_parser/v0.0.41`. * `slurmrestd` \- Fix possible memory leak when parsing arrays with `data_parser/v0.0.42`. * Changes from version 24.11.2 * Fix segfault when submitting `--test-only` jobs that can preempt. * Fix regression introduced in 23.11 that prevented the following flags from being added to a reservation on an update: `DAILY`, `HOURLY`, `WEEKLY`, `WEEKDAY`, and `WEEKEND`. * Fix crash and issues evaluating job's suitability for running in nodes with already suspended job(s) there. * `slurmctld` will ensure that healthy nodes are not reported as `UnavailableNodes` in job reason codes. * Fix handling of jobs submitted to a current reservation with flags `OVERLAP,FLEX` or `OVERLAP,ANY_NODES` when it overlaps nodes with a future maintenance reservation. When a job submission had a time limit that overlapped with the future maintenance reservation, it was rejected. Now the job is accepted but stays pending with the reason "`ReqNodeNotAvail, Reserved for maintenance`". * `pam_slurm_adopt` \- avoid errors when explicitly setting some arguments to the default value. * Fix QOS preemption with `PreemptMode=SUSPEND`. * `slurmdbd` \-When changing a user's name update lineage at the same time. * Fix regression in 24.11 in which `burst_buffer.lua` does not inherit the `SLURM_CONF` environment variable from `slurmctld` and fails to run if slurm.conf is in a non-standard location. * Fix memory leak in slurmctld if `select/linear` and the `PreemptParameters=reclaim_licenses` options are both set in `slurm.conf`. Regression in 24.11.1. * Fix running jobs, that requested multiple partitions, from potentially being set to the wrong partition on restart. * `switch/hpe_slingshot` \- Fix compatibility with newer cxi drivers, specifically when specifying `disable_rdzv_get`. * Add `ABORT_ON_FATAL` environment variable to capture a backtrace from any `fatal()` message. * Fix printing invalid address in rate limiting log statement. * `sched/backfill` \- Fix node state `PLANNED` not being cleared from fully allocated nodes during a backfill cycle. * `select/cons_tres` \- Fix future planning of jobs with `bf_licenses`. * Prevent redundant "`on_data returned rc: Rate limit exceeded, please retry momentarily`" error message from being printed in slurmctld logs. * Fix loading non-default QOS on pending jobs from pre-24.11 state. * Fix pending jobs displaying `QOS=(null)` when not explicitly requesting a QOS. * Fix segfault issue from job record with no `job_resrcs`. * Fix failing `sacctmgr delete/modify/show` account operations with `where` clauses. * Fix regression in 24.11 in which Slurm daemons started catching several `SIGTSTP`, `SIGTTIN` and `SIGUSR1` signals and ignored them, while before they were not ignoring them. This also caused slurmctld to not being able to shutdown after a `SIGTSTP` because slurmscriptd caught the signal and stopped while slurmctld ignored it. Unify and fix these situations and get back to the previous behavior for these signals. * Document that `SIGQUIT` is no longer ignored by `slurmctld`, `slurmdbd`, and slurmd in 24.11. As of24.11.0rc1, `SIGQUIT` is identical to `SIGINT` and `SIGTERM` for these daemons, but this change was not documented. * Fix not considering nodes marked for reboot without ASAP in the scheduler. * Remove the `boot^` state on unexpected node reboot after return to service. * Do not allow new jobs to start on a node which is being rebooted with the flag `nextstate=resume`. * Prevent lower priority job running after cancelling an ASAP reboot. * Fix srun jobs starting on `nextstate=resume` rebooting nodes. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 12 zypper in -t patch SUSE-SLE-Module-HPC-12-2025-1757=1 ## Package List: * HPC Module 12 (aarch64 x86_64) * slurm_24_11-24.11.5-3.8.1 * slurm_24_11-torque-debuginfo-24.11.5-3.8.1 * slurm_24_11-munge-debuginfo-24.11.5-3.8.1 * slurm_24_11-node-24.11.5-3.8.1 * slurm_24_11-auth-none-debuginfo-24.11.5-3.8.1 * slurm_24_11-node-debuginfo-24.11.5-3.8.1 * slurm_24_11-pam_slurm-24.11.5-3.8.1 * libnss_slurm2_24_11-debuginfo-24.11.5-3.8.1 * slurm_24_11-sview-24.11.5-3.8.1 * slurm_24_11-lua-debuginfo-24.11.5-3.8.1 * libnss_slurm2_24_11-24.11.5-3.8.1 * slurm_24_11-devel-24.11.5-3.8.1 * slurm_24_11-slurmdbd-debuginfo-24.11.5-3.8.1 * slurm_24_11-torque-24.11.5-3.8.1 * slurm_24_11-munge-24.11.5-3.8.1 * slurm_24_11-sview-debuginfo-24.11.5-3.8.1 * slurm_24_11-plugins-debuginfo-24.11.5-3.8.1 * slurm_24_11-sql-24.11.5-3.8.1 * libpmi0_24_11-24.11.5-3.8.1 * slurm_24_11-slurmdbd-24.11.5-3.8.1 * perl-slurm_24_11-24.11.5-3.8.1 * slurm_24_11-debuginfo-24.11.5-3.8.1 * libpmi0_24_11-debuginfo-24.11.5-3.8.1 * slurm_24_11-auth-none-24.11.5-3.8.1 * slurm_24_11-cray-24.11.5-3.8.1 * libslurm42-debuginfo-24.11.5-3.8.1 * slurm_24_11-plugins-24.11.5-3.8.1 *slurm_24_11-sql-debuginfo-24.11.5-3.8.1 * slurm_24_11-lua-24.11.5-3.8.1 * slurm_24_11-pam_slurm-debuginfo-24.11.5-3.8.1 * perl-slurm_24_11-debuginfo-24.11.5-3.8.1 * libslurm42-24.11.5-3.8.1 * HPC Module 12 (noarch) * slurm_24_11-doc-24.11.5-3.8.1 * slurm_24_11-webdoc-24.11.5-3.8.1 * slurm_24_11-config-man-24.11.5-3.8.1 * slurm_24_11-config-24.11.5-3.8.1 ## References: * https://www.suse.com/security/cve/CVE-2025-43904.html * https://bugzilla.suse.com/show_bug.cgi?id=1243666 . The latest release for slurm_24_11 tackles critical access control vulnerabilities, significantly bolstering the security framework within SUSE Linux high-performance computing environments.. SUSE Linux HPC, Slurm update, Permission fix, Security update. . Severity: Important. LinuxSecurity.com Team
May 29, 2025
•Important
SuSE
100
security advisorycritical updatefilesystem issueSUSE Linux 2023:4566-1 Important: slurm_23_02 Critical File Issue
* bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 . # Security update for slurm_23_02 Announcement ID: SUSE-SU-2023:4566-1 Rating: important References: * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * HPC Module 15-SP4 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for slurm_23_02 fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race conditions that could have led to an attacker taking control of an arbitrary file, or removing entire directoy contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4566=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4566=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-4566=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4566=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4566=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-rest-23.02.6-150300.7.14.1 * slurm_23_02-cray-23.02.6-150300.7.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1 * slurm_23_02-debugsource-23.02.6-150300.7.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-hdf5-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-23.02.6-150300.7.14.1 * slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-devel-23.02.6-150300.7.14.1 * slurm_23_02-plugins-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-lua-23.02.6-150300.7.14.1 * slurm_23_02-torque-23.02.6-150300.7.14.1 * slurm_23_02-testsuite-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1 * libslurm39-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-23.02.6-150300.7.14.1 * slurm_23_02-sview-23.02.6-150300.7.14.1 * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-23.02.6-150300.7.14.1 * libslurm39-23.02.6-150300.7.14.1 * libpmi0_23_02-23.02.6-150300.7.14.1 * slurm_23_02-hdf5-23.02.6-150300.7.14.1 * slurm_23_02-node-23.02.6-150300.7.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1 * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1 *slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * openSUSE Leap 15.3 (noarch) * slurm_23_02-config-23.02.6-150300.7.14.1 * slurm_23_02-doc-23.02.6-150300.7.14.1 * slurm_23_02-openlava-23.02.6-150300.7.14.1 * slurm_23_02-sjstat-23.02.6-150300.7.14.1 * slurm_23_02-seff-23.02.6-150300.7.14.1 * slurm_23_02-webdoc-23.02.6-150300.7.14.1 * slurm_23_02-config-man-23.02.6-150300.7.14.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-rest-23.02.6-150300.7.14.1 * slurm_23_02-cray-23.02.6-150300.7.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1 * slurm_23_02-debugsource-23.02.6-150300.7.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-23.02.6-150300.7.14.1 * slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-devel-23.02.6-150300.7.14.1 * slurm_23_02-plugins-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-lua-23.02.6-150300.7.14.1 * slurm_23_02-torque-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1 * libslurm39-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-23.02.6-150300.7.14.1 * slurm_23_02-sview-23.02.6-150300.7.14.1 *slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-23.02.6-150300.7.14.1 * libslurm39-23.02.6-150300.7.14.1 * libpmi0_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1 * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-23.02.6-150300.7.14.1 * openSUSE Leap 15.4 (noarch) * slurm_23_02-config-23.02.6-150300.7.14.1 * slurm_23_02-webdoc-23.02.6-150300.7.14.1 * slurm_23_02-doc-23.02.6-150300.7.14.1 * slurm_23_02-config-man-23.02.6-150300.7.14.1 * HPC Module 15-SP4 (aarch64 x86_64) * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-rest-23.02.6-150300.7.14.1 * slurm_23_02-cray-23.02.6-150300.7.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1 * slurm_23_02-debugsource-23.02.6-150300.7.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-23.02.6-150300.7.14.1 * slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-devel-23.02.6-150300.7.14.1 * slurm_23_02-plugins-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-lua-23.02.6-150300.7.14.1 * slurm_23_02-torque-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1 *libslurm39-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-23.02.6-150300.7.14.1 * slurm_23_02-sview-23.02.6-150300.7.14.1 * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-23.02.6-150300.7.14.1 * libslurm39-23.02.6-150300.7.14.1 * libpmi0_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1 * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-23.02.6-150300.7.14.1 * HPC Module 15-SP4 (noarch) * slurm_23_02-config-23.02.6-150300.7.14.1 * slurm_23_02-webdoc-23.02.6-150300.7.14.1 * slurm_23_02-doc-23.02.6-150300.7.14.1 * slurm_23_02-config-man-23.02.6-150300.7.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-rest-23.02.6-150300.7.14.1 * slurm_23_02-cray-23.02.6-150300.7.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1 * slurm_23_02-debugsource-23.02.6-150300.7.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-23.02.6-150300.7.14.1 * slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-devel-23.02.6-150300.7.14.1 * slurm_23_02-plugins-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-lua-23.02.6-150300.7.14.1 * slurm_23_02-torque-23.02.6-150300.7.14.1 *slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1 * libslurm39-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-23.02.6-150300.7.14.1 * slurm_23_02-sview-23.02.6-150300.7.14.1 * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-23.02.6-150300.7.14.1 * libslurm39-23.02.6-150300.7.14.1 * libpmi0_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1 * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-23.02.6-150300.7.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * slurm_23_02-config-23.02.6-150300.7.14.1 * slurm_23_02-webdoc-23.02.6-150300.7.14.1 * slurm_23_02-doc-23.02.6-150300.7.14.1 * slurm_23_02-config-man-23.02.6-150300.7.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-rest-23.02.6-150300.7.14.1 * slurm_23_02-cray-23.02.6-150300.7.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1 * slurm_23_02-debugsource-23.02.6-150300.7.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-23.02.6-150300.7.14.1 * slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-devel-23.02.6-150300.7.14.1 *slurm_23_02-plugins-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-lua-23.02.6-150300.7.14.1 * slurm_23_02-torque-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1 * libslurm39-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-23.02.6-150300.7.14.1 * slurm_23_02-sview-23.02.6-150300.7.14.1 * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-23.02.6-150300.7.14.1 * libslurm39-23.02.6-150300.7.14.1 * libpmi0_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1 * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-23.02.6-150300.7.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * slurm_23_02-config-23.02.6-150300.7.14.1 * slurm_23_02-webdoc-23.02.6-150300.7.14.1 * slurm_23_02-doc-23.02.6-150300.7.14.1 * slurm_23_02-config-man-23.02.6-150300.7.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 . Latest SUSE security advisory for slurm_23_02, emphasizing critical vulnerabilities and essential updates. Protect your infrastructure!. SUSE Security Advisory, slurm update, filesystem issues, HPC Module, SUSE patch. . Severity: Important. LinuxSecurity.com Team
Nov 24, 2023
•Important
SuSE
100
security advisoryfilesystem issueimportant fixopenSUSE: 2023:4329-1 Important: Slurm Filesystem Race Condition
* bsc#1208810 * bsc#1216207 Cross-References: * CVE-2023-41914 . # Security update for slurm Announcement ID: SUSE-SU-2023:4329-1 Rating: important References: * bsc#1208810 * bsc#1216207 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for slurm fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4329=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4329=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4329=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * slurm_20_11-20.11.9-150200.6.13.1 * slurm_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-plugins-20.11.9-150200.6.13.1 * libpmi0_20_11-20.11.9-150200.6.13.1 * slurm_20_11-slurmdbd-20.11.9-150200.6.13.1 * slurm_20_11-sql-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-devel-20.11.9-150200.6.13.1 * slurm_20_11-auth-none-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-torque-20.11.9-150200.6.13.1 * slurm_20_11-webdoc-20.11.9-150200.6.13.1 * slurm_20_11-debugsource-20.11.9-150200.6.13.1 * slurm_20_11-rest-debuginfo-20.11.9-150200.6.13.1 *slurm_20_11-lua-20.11.9-150200.6.13.1 * slurm_20_11-rest-20.11.9-150200.6.13.1 * slurm_20_11-hdf5-20.11.9-150200.6.13.1 * slurm_20_11-pam_slurm-20.11.9-150200.6.13.1 * libnss_slurm2_20_11-20.11.9-150200.6.13.1 * slurm_20_11-plugins-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-torque-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-seff-20.11.9-150200.6.13.1 * slurm_20_11-sview-20.11.9-150200.6.13.1 * slurm_20_11-config-20.11.9-150200.6.13.1 * slurm_20_11-munge-20.11.9-150200.6.13.1 * slurm_20_11-slurmdbd-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-sview-debuginfo-20.11.9-150200.6.13.1 * libpmi0_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-lua-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-config-man-20.11.9-150200.6.13.1 * slurm_20_11-pam_slurm-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-node-20.11.9-150200.6.13.1 * perl-slurm_20_11-20.11.9-150200.6.13.1 * slurm_20_11-node-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-cray-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-openlava-20.11.9-150200.6.13.1 * slurm_20_11-sql-20.11.9-150200.6.13.1 * slurm_20_11-auth-none-20.11.9-150200.6.13.1 * perl-slurm_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-hdf5-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-doc-20.11.9-150200.6.13.1 * libnss_slurm2_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-sjstat-20.11.9-150200.6.13.1 * slurm_20_11-cray-20.11.9-150200.6.13.1 * slurm_20_11-munge-debuginfo-20.11.9-150200.6.13.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * slurm_20_11-20.11.9-150200.6.13.1 * slurm_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-plugins-20.11.9-150200.6.13.1 * libpmi0_20_11-20.11.9-150200.6.13.1 * slurm_20_11-slurmdbd-20.11.9-150200.6.13.1 * slurm_20_11-sql-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-devel-20.11.9-150200.6.13.1 * slurm_20_11-auth-none-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-torque-20.11.9-150200.6.13.1 * slurm_20_11-webdoc-20.11.9-150200.6.13.1 * slurm_20_11-debugsource-20.11.9-150200.6.13.1 * slurm_20_11-rest-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-lua-20.11.9-150200.6.13.1 * slurm_20_11-rest-20.11.9-150200.6.13.1 * slurm_20_11-hdf5-20.11.9-150200.6.13.1 * slurm_20_11-pam_slurm-20.11.9-150200.6.13.1 * libnss_slurm2_20_11-20.11.9-150200.6.13.1 * slurm_20_11-plugins-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-torque-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-seff-20.11.9-150200.6.13.1 * slurm_20_11-sview-20.11.9-150200.6.13.1 * slurm_20_11-config-20.11.9-150200.6.13.1 * slurm_20_11-munge-20.11.9-150200.6.13.1 * slurm_20_11-slurmdbd-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-sview-debuginfo-20.11.9-150200.6.13.1 * libpmi0_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-lua-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-config-man-20.11.9-150200.6.13.1 * slurm_20_11-pam_slurm-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-node-20.11.9-150200.6.13.1 * perl-slurm_20_11-20.11.9-150200.6.13.1 * slurm_20_11-node-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-cray-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-openlava-20.11.9-150200.6.13.1 * slurm_20_11-sql-20.11.9-150200.6.13.1 * slurm_20_11-auth-none-20.11.9-150200.6.13.1 * perl-slurm_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-hdf5-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-doc-20.11.9-150200.6.13.1 * libnss_slurm2_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-sjstat-20.11.9-150200.6.13.1 * slurm_20_11-cray-20.11.9-150200.6.13.1 * slurm_20_11-munge-debuginfo-20.11.9-150200.6.13.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libslurm36-20.11.9-150200.6.13.1 * slurm_20_11-20.11.9-150200.6.13.1 * slurm_20_11-plugins-20.11.9-150200.6.13.1 * libpmi0_20_11-20.11.9-150200.6.13.1 * slurm_20_11-slurmdbd-20.11.9-150200.6.13.1 *slurm_20_11-torque-20.11.9-150200.6.13.1 * slurm_20_11-devel-20.11.9-150200.6.13.1 * slurm_20_11-webdoc-20.11.9-150200.6.13.1 * slurm_20_11-lua-20.11.9-150200.6.13.1 * slurm_20_11-pam_slurm-20.11.9-150200.6.13.1 * libnss_slurm2_20_11-20.11.9-150200.6.13.1 * slurm_20_11-sview-20.11.9-150200.6.13.1 * slurm_20_11-munge-20.11.9-150200.6.13.1 * slurm_20_11-config-20.11.9-150200.6.13.1 * slurm_20_11-config-man-20.11.9-150200.6.13.1 * slurm_20_11-node-20.11.9-150200.6.13.1 * perl-slurm_20_11-20.11.9-150200.6.13.1 * slurm_20_11-sql-20.11.9-150200.6.13.1 * slurm_20_11-auth-none-20.11.9-150200.6.13.1 * slurm_20_11-doc-20.11.9-150200.6.13.1 * libslurm36-debuginfo-20.11.9-150200.6.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1208810 * https://bugzilla.suse.com/show_bug.cgi?id=1216207 . Crucial slurm security patch for SUSE users focusing on filesystem processing weaknesses to bolster overall system reliability.. SUSE Linux, Security Update, Slurm Patch, Important Fixes, Filesystem Issues. . Severity: Important. LinuxSecurity.com Team
Nov 01, 2023
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!