Security update for slurm_18_08 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1468-1 Final 1 1 2020-09-19T12:22:51Z current 2020-09-19T12:22:51Z 2020-09-19T12:22:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for slurm_18_08 This update for slurm_18_08 fixes the following issues: - Fix Authentication Bypass when Message Aggregation is enabled CVE-2020-12693 This fixes and issue where authentication could be bypassed via an alternate path or channel when message Aggregation was enabled. A race condition allowed a user to launch a process as an arbitrary user. (CVE-2020-12693, bsc#1172004). Add: Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-12693.patch - Remove unneeded build dependency to postgresql-devel. This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1468 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AOGBNQCP74CSMJ5E2JK4ACYCZHB34XNQ/ E-Mail link for openSUSE-SU-2020:1468-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1172004 SUSE Bug 1172004 https://www.suse.com/security/cve/CVE-2020-12693/ SUSE CVE CVE-2020-12693 page openSUSE Leap 15.2 libpmi0-18.08.9-lp152.2.1 libslurm33-18.08.9-lp152.2.1 perl-slurm-18.08.9-lp152.2.1 slurm-18.08.9-lp152.2.1 slurm-auth-none-18.08.9-lp152.2.1 slurm-config-18.08.9-lp152.2.1 slurm-config-man-18.08.9-lp152.2.1 slurm-cray-18.08.9-lp152.2.1 slurm-devel-18.08.9-lp152.2.1 slurm-doc-18.08.9-lp152.2.1 slurm-hdf5-18.08.9-lp152.2.1 slurm-lua-18.08.9-lp152.2.1 slurm-munge-18.08.9-lp152.2.1 slurm-node-18.08.9-lp152.2.1 slurm-openlava-18.08.9-lp152.2.1 slurm-pam_slurm-18.08.9-lp152.2.1 slurm-plugins-18.08.9-lp152.2.1 slurm-seff-18.08.9-lp152.2.1 slurm-sjstat-18.08.9-lp152.2.1 slurm-slurmdbd-18.08.9-lp152.2.1 slurm-sql-18.08.9-lp152.2.1 slurm-sview-18.08.9-lp152.2.1 slurm-torque-18.08.9-lp152.2.1 slurm-webdoc-18.08.9-lp152.2.1 libpmi0-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 libslurm33-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 perl-slurm-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-auth-none-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-config-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-config-man-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-cray-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-devel-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-doc-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-hdf5-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-lua-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-munge-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-node-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-openlava-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-pam_slurm-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-plugins-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-seff-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-sjstat-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-slurmdbd-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-sql-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-sview-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-torque-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 slurm-webdoc-18.08.9-lp152.2.1 as a component of openSUSE Leap 15.2 Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. CVE-2020-12693 openSUSE Leap 15.2:libpmi0-18.08.9-lp152.2.1 openSUSE Leap 15.2:libslurm33-18.08.9-lp152.2.1 openSUSE Leap 15.2:perl-slurm-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-auth-none-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-config-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-config-man-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-cray-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-devel-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-doc-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-hdf5-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-lua-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-munge-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-node-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-openlava-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-pam_slurm-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-plugins-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-seff-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-sjstat-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-slurmdbd-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-sql-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-sview-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-torque-18.08.9-lp152.2.1 openSUSE Leap 15.2:slurm-webdoc-18.08.9-lp152.2.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AOGBNQCP74CSMJ5E2JK4ACYCZHB34XNQ/ https://www.suse.com/security/cve/CVE-2020-12693.html CVE-2020-12693 https://bugzilla.suse.com/1172004 SUSE Bug 1172004 https://bugzilla.suse.com/1173804 SUSE Bug 1173804