Security update for slurm SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:1652-1 Final 1 1 2018-06-11T11:39:10Z current 2018-06-11T11:39:10Z 2018-06-11T11:39:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for slurm This update for slurm to version 17.02.11 fixes the following issues: This security issue was fixed: - CVE-2018-10995: Ensure proper handling of user names (aka user_name fields) and group ids (aka gid fields) (bsc#1095508). This non-security issue was fixed: - Move config files to slurm-config package to provide slurmdbd with the slurm user (bsc#1091063). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-HPC-12-2018-1114 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20181652-1/ Link for SUSE-SU-2018:1652-1 https://lists.suse.com/pipermail/sle-security-updates/2018-June/004181.html E-Mail link for SUSE-SU-2018:1652-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1091063 SUSE Bug 1091063 https://bugzilla.suse.com/1095508 SUSE Bug 1095508 https://www.suse.com/security/cve/CVE-2018-10995/ SUSE CVE CVE-2018-10995 page SUSE Linux Enterprise Module for HPC 12 libpmi0-17.02.11-6.19.1 libslurm31-17.02.11-6.19.1 perl-slurm-17.02.11-6.19.1 slurm-17.02.11-6.19.1 slurm-auth-none-17.02.11-6.19.1 slurm-config-17.02.11-6.19.1 slurm-devel-17.02.11-6.19.1 slurm-doc-17.02.11-6.19.1 slurm-lua-17.02.11-6.19.1 slurm-munge-17.02.11-6.19.1 slurm-pam_slurm-17.02.11-6.19.1 slurm-plugins-17.02.11-6.19.1 slurm-sched-wiki-17.02.11-6.19.1 slurm-slurmdb-direct-17.02.11-6.19.1 slurm-slurmdbd-17.02.11-6.19.1 slurm-sql-17.02.11-6.19.1 slurm-torque-17.02.11-6.19.1 libpmi0-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 libslurm31-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 perl-slurm-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-auth-none-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-config-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-devel-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-doc-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-lua-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-munge-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-pam_slurm-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-plugins-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-sched-wiki-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-slurmdb-direct-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-slurmdbd-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-sql-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 slurm-torque-17.02.11-6.19.1 as a component of SUSE Linux Enterprise Module for HPC 12 SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). CVE-2018-10995 SUSE Linux Enterprise Module for HPC 12:libpmi0-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:libslurm31-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:perl-slurm-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-auth-none-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-config-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-devel-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-doc-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-lua-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-munge-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-pam_slurm-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-plugins-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-sched-wiki-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-slurmdb-direct-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-slurmdbd-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-sql-17.02.11-6.19.1 SUSE Linux Enterprise Module for HPC 12:slurm-torque-17.02.11-6.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181652-1/ https://www.suse.com/security/cve/CVE-2018-10995.html CVE-2018-10995 https://bugzilla.suse.com/1095508 SUSE Bug 1095508