Security update for slurm_20_11 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:2295-1 Final 1 1 2021-07-12T06:27:12Z current 2021-07-12T06:27:12Z 2021-07-12T06:27:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for slurm_20_11 This update for slurm_20_11 fixes the following issues: Updated to 20.11.7 Summary of new features: * CVE-2021-31215: Fixed a remote code execution as SlurmUser (bsc#1186024). * slurmd - handle configless failures gracefully instead of hanging indefinitely. * select/cons_tres - fix Dragonfly topology not selecting nodes in the same leaf switch when it should as well as requests with *-switches option. * Fix issue where certain step requests wouldn't run if the first node in the job allocation was full and there were idle resources on other nodes in the job allocation. * Fix deadlock issue with <Prolog|Epilog>Slurmctld. * torque/qstat - fix printf error message in output. * When adding associations or wckeys avoid checking multiple times a user or cluster name. * Fix wrong jobacctgather information on a step on multiple nodes due to timeouts sending its the information gathered on its node. * Fix missing xstrdup which could result in slurmctld segfault on array jobs. * Fix security issue in PrologSlurmctld and EpilogSlurmctld by always prepending SPANK_ to all user-set environment variables. CVE-2021-31215. * Fix sacct assert with the --qos option. * Use pkg-config --atleast-version instead of --modversion for systemd. * common/fd - fix getsockopt() call in fd_get_socket_error(). * Properly handle the return from fd_get_socket_error() in _conn_readable(). * cons_res - Fix issue where running jobs were not taken into consideration when creating a reservation. * Avoid a deadlock between job_list for_each and assoc QOS_LOCK. * Fix TRESRunMins usage for partition qos on restart/reconfig. * Fix printing of number of tasks on a completed job that didn't request tasks. * Fix updating GrpTRESRunMins when decrementing job time is bigger than it. * Make it so we handle multithreaded allocations correctly when doing --exclusive or --core-spec allocations. * Fix incorrect round-up division in _pick_step_cores * Use appropriate math to adjust cpu counts when --ntasks-per-core=1. * cons_tres - Fix consideration of power downed nodes. * cons_tres - Fix DefCpuPerGPU, increase cpus-per-task to match with gpus-per-task * cpus-per-gpu. * Fix under-cpu memory auto-adjustment when MaxMemPerCPU is set. * Make it possible to override CR_CORE_DEFAULT_DIST_BLOCK. * Perl API - fix retrieving/storing of slurm_step_id_t in job_step_info_t. * Recover state of burst buffers when slurmctld is restarted to avoid skipping burst buffer stages. * Fix race condition in burst buffer plugin which caused a burst buffer in stage-in to not get state saved if slurmctld stopped. * auth/jwt - print an error if jwt_file= has not been set in slurmdbd. * Fix RESV_DEL_HOLD not being a valid state when using squeue --states. * Add missing squeue selectable states in valid states error message. * Fix scheduling last array task multiple times on error, causing segfault. * Fix issue where a step could be allocated more memory than the job when dealing with --mem-per-cpu and --threads-per-core. * Fix removing qos from assoc with -= can lead to assoc with no qos * auth/jwt - fix segfault on invalid credential in slurmdbd due to missing validate_slurm_user() function in context. * Fix single Port= not being applied to range of nodes in slurm.conf * Fix Jobs not requesting a tres are not starting because of that tres limit. * acct_gather_energy/rapl - fix AveWatts calculation. * job_container/tmpfs - Fix issues with cleanup and slurmd restarting on running jobs. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-2295,SUSE-SLE-Module-HPC-15-SP2-2021-2295,SUSE-SLE-Product-HPC-15-SP2-2021-2295 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20212295-1/ Link for SUSE-SU-2021:2295-1 https://lists.suse.com/pipermail/sle-security-updates/2021-July/009122.html E-Mail link for SUSE-SU-2021:2295-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1180700 SUSE Bug 1180700 https://bugzilla.suse.com/1185603 SUSE Bug 1185603 https://bugzilla.suse.com/1186024 SUSE Bug 1186024 https://www.suse.com/security/cve/CVE-2021-31215/ SUSE CVE CVE-2021-31215 page SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Module for HPC 15 SP2 libnss_slurm2_20_11-20.11.7-6.5.1 libpmi0_20_11-20.11.7-6.5.1 libslurm36-20.11.7-6.5.1 perl-slurm_20_11-20.11.7-6.5.1 slurm_20_11-20.11.7-6.5.1 slurm_20_11-auth-none-20.11.7-6.5.1 slurm_20_11-config-20.11.7-6.5.1 slurm_20_11-config-man-20.11.7-6.5.1 slurm_20_11-cray-20.11.7-6.5.1 slurm_20_11-devel-20.11.7-6.5.1 slurm_20_11-doc-20.11.7-6.5.1 slurm_20_11-hdf5-20.11.7-6.5.1 slurm_20_11-lua-20.11.7-6.5.1 slurm_20_11-munge-20.11.7-6.5.1 slurm_20_11-node-20.11.7-6.5.1 slurm_20_11-openlava-20.11.7-6.5.1 slurm_20_11-pam_slurm-20.11.7-6.5.1 slurm_20_11-plugins-20.11.7-6.5.1 slurm_20_11-rest-20.11.7-6.5.1 slurm_20_11-seff-20.11.7-6.5.1 slurm_20_11-sjstat-20.11.7-6.5.1 slurm_20_11-slurmdbd-20.11.7-6.5.1 slurm_20_11-sql-20.11.7-6.5.1 slurm_20_11-sview-20.11.7-6.5.1 slurm_20_11-torque-20.11.7-6.5.1 slurm_20_11-webdoc-20.11.7-6.5.1 libnss_slurm2_20_11-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 libpmi0_20_11-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 libslurm36-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 perl-slurm_20_11-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-auth-none-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-config-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-config-man-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-devel-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-doc-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-lua-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-munge-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-node-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-pam_slurm-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-plugins-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-slurmdbd-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-sql-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-sview-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-torque-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 slurm_20_11-webdoc-20.11.7-6.5.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2 libnss_slurm2_20_11-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 libpmi0_20_11-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 libslurm36-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 perl-slurm_20_11-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-auth-none-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-config-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-config-man-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-devel-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-doc-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-lua-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-munge-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-node-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-pam_slurm-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-plugins-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-slurmdbd-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-sql-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-sview-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-torque-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 slurm_20_11-webdoc-20.11.7-6.5.1 as a component of SUSE Linux Enterprise Module for HPC 15 SP2 SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. CVE-2021-31215 SUSE Linux Enterprise High Performance Computing 15 SP2:libnss_slurm2_20_11-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:libpmi0_20_11-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:libslurm36-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:perl-slurm_20_11-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-auth-none-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-config-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-config-man-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-devel-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-doc-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-lua-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-munge-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-node-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-pam_slurm-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-plugins-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-slurmdbd-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-sql-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-sview-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-torque-20.11.7-6.5.1 SUSE Linux Enterprise High Performance Computing 15 SP2:slurm_20_11-webdoc-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:libnss_slurm2_20_11-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:libpmi0_20_11-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:libslurm36-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:perl-slurm_20_11-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-auth-none-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-config-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-config-man-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-devel-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-doc-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-lua-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-munge-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-node-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-pam_slurm-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-plugins-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-slurmdbd-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-sql-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-sview-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-torque-20.11.7-6.5.1 SUSE Linux Enterprise Module for HPC 15 SP2:slurm_20_11-webdoc-20.11.7-6.5.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212295-1/ https://www.suse.com/security/cve/CVE-2021-31215.html CVE-2021-31215 https://bugzilla.suse.com/1186024 SUSE Bug 1186024