SUSE SLES12 Security Update : pdsh, slurm_20_02 (SUSE-SU-2020:2607-1)

high Nessus Plugin ID 143870


Synopsis

The remote SUSE host is missing one or more security updates.

Description

This update for pdsh, slurm_20_02 fixes the following issues :

Changes in slurm_20_02 :

Add support for openPMIx also for Leap/SLE 15.0/1 (bsc#1173805).

Do not run %check on SLE-12-SP2: Some incompatibility in tcl makes this fail.

Remove unneeded build dependency to postgresql-devel.

Disable build on s390 (requires 64bit).

Bring QA to the package build: add %%check stage.

Remove cruft that isn't needed any longer.

Add 'ghosted' run-file.

Add rpmlint filter to handle issues with library packages for Leap and enterprise upgrade versions.

Updated to 20.02.3 which fixes CVE-2020-12693 (bsc#1172004).

Other changes are :

- Factor in ntasks-per-core=1 with cons_tres.

- Fix formatting in error message in cons_tres.

- Fix calling stat on a NULL variable.

- Fix minor memory leak when using reservations with flags=first_cores.

- Fix gpu bind issue when CPUs=Cores and ThreadsPerCore > 1 on a node.

- Fix --mem-per-gpu for heterogenous --gres requests.

- Fix slurmctld load order in load_all_part_state().

- Fix race condition not finding jobacct gather task cgroup entry.

- Suppress error message when selecting nodes on disjoint topologies.

- Improve performance of _pack_default_job_details() with large number of job arguments.

- Fix archive loading previous to 17.11 jobs per-node req_mem.

- Fix regression validating that --gpus-per-socket requires --sockets-per-node for steps. Should only validate allocation requests.

- error() instead of fatal() when parsing an invalid hostlist.

- nss_slurm - fix potential deadlock in slurmstepd on overloaded systems.

- cons_tres - fix --gres-flags=enforce-binding and related --cpus-per-gres.

- cons_tres - Allocate lowest numbered cores when filtering cores with gres.

- Fix getting system counts for named GRES/TRES.

- MySQL - Fix for handling typed GRES for association rollups.

- Fix step allocations when tasks_per_core > 1.

- Fix allocating more GRES than requested when asking for multiple GRES types.

Treat libnss_slurm like any other package: add version string to upgrade package.

Updated to 20.02.1 with the following changes :

- Improve job state reason for jobs hitting partition_job_depth.

- Speed up testing of singleton dependencies.

- Fix negative loop bound in cons_tres.

- srun - capture the MPI plugin return code from mpi_hook_client_fini() and use as final return code for step failure.

- Fix segfault in cli_filter/lua.

- Fix --gpu-bind=map_gpu reusability if tasks > elements.

- Make sure config_flags on a gres are sent to the slurmctld on node registration.

- Prolog/Epilog - Fix missing GPU information.

- Fix segfault when using config parser for expanded lines.

- Fix bit overlap test function.

- Don't accrue time if job begin time is in the future.

- Remove accrue time when updating a job start/eligible time to the future.

- Fix regression in 20.02.0 that broke --depend=expand.

- Reset begin time on job release if it's not in the future.

- Fix for recovering burst buffers when using high-availability.

- Fix invalid read due to freeing an incorrectly allocated env array.

- Update slurmctld -i message to warn about losing data.

- Fix scontrol cancel_reboot so it clears the DRAIN flag and node reason for a pending ASAP reboot.

Changes in pdsh :

Bring QA to the package build: add %%check stage.

Since the build for the SLE-12 HPC Module got fixed, simplify spec file and remove legacy workarounds.

Remove _multibuild file where not needed.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for HPC 12 :

zypper in -t patch SUSE-SLE-Module-HPC-12-2020-2607=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1084125

https://bugzilla.suse.com/show_bug.cgi?id=1085240

https://bugzilla.suse.com/show_bug.cgi?id=1088693

https://www.suse.com/security/cve/CVE-2018-7033/

https://bugzilla.suse.com/show_bug.cgi?id=1095508

https://www.suse.com/security/cve/CVE-2018-10995/

https://bugzilla.suse.com/show_bug.cgi?id=1123304

https://www.suse.com/security/cve/CVE-2019-6438/

https://bugzilla.suse.com/show_bug.cgi?id=1140709

https://www.suse.com/security/cve/CVE-2019-12838/

https://bugzilla.suse.com/show_bug.cgi?id=1007053

https://bugzilla.suse.com/show_bug.cgi?id=1031872

https://bugzilla.suse.com/show_bug.cgi?id=1041706

https://bugzilla.suse.com/show_bug.cgi?id=1065697

https://www.suse.com/security/cve/CVE-2017-15566/

https://bugzilla.suse.com/show_bug.cgi?id=1153095

https://bugzilla.suse.com/show_bug.cgi?id=1153259

https://bugzilla.suse.com/show_bug.cgi?id=1155784

https://bugzilla.suse.com/show_bug.cgi?id=1158696

https://bugzilla.suse.com/show_bug.cgi?id=1159692

https://www.suse.com/security/cve/CVE-2019-19727/

https://www.suse.com/security/cve/CVE-2019-19728/

https://bugzilla.suse.com/show_bug.cgi?id=1018371

https://www.suse.com/security/cve/CVE-2016-10030/

https://bugzilla.suse.com/show_bug.cgi?id=1172004

https://www.suse.com/security/cve/CVE-2020-12693/

https://bugzilla.suse.com/show_bug.cgi?id=1173805

https://bugzilla.suse.com/show_bug.cgi?id=1084917

https://bugzilla.suse.com/show_bug.cgi?id=1085606

https://bugzilla.suse.com/show_bug.cgi?id=1086859

https://bugzilla.suse.com/show_bug.cgi?id=1090292

https://bugzilla.suse.com/show_bug.cgi?id=1100850

https://bugzilla.suse.com/show_bug.cgi?id=1103561

https://bugzilla.suse.com/show_bug.cgi?id=1108671

https://bugzilla.suse.com/show_bug.cgi?id=1109373

https://bugzilla.suse.com/show_bug.cgi?id=1116758

https://bugzilla.suse.com/show_bug.cgi?id=1161716

https://bugzilla.suse.com/show_bug.cgi?id=1162377

https://bugzilla.suse.com/show_bug.cgi?id=1164326

https://bugzilla.suse.com/show_bug.cgi?id=1164386

http://www.nessus.org/u?8522e9c3

Plugin Details

Severity: High

ID: 143870

File Name: suse_SU-2020-2607-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 12/9/2020

Updated: 12/11/2020

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2016-10030

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:pdsh-slurm_18_08:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:pdsh-slurm_18_08-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:libpmi0_20_02:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:libpmi0_20_02-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:libslurm35:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:libslurm35-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:perl-slurm_20_02:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:perl-slurm_20_02-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-auth-none:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-auth-none-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-config:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-config-man:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-debugsource:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-doc:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-lua:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-lua-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-munge:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-munge-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-node:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-node-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-pam_slurm:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-pam_slurm-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-plugins:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-plugins-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-slurmdbd:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-slurmdbd-debuginfo:*:*:*:*:*:*:*, 
p-cpe:2.3:a:novell:suse_linux:slurm_20_02-sql:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-sql-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-sview:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-sview-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-torque:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:slurm_20_02-torque-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:libnss_slurm2_20_02:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:libnss_slurm2_20_02-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:pdsh-slurm_20_02:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:pdsh-slurm_20_02-debuginfo:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/11/2020

Vulnerability Publication Date: 1/5/2017

Reference Information

CVE: CVE-2018-7033, CVE-2018-10995, CVE-2019-6438, CVE-2019-12838, CVE-2017-15566, CVE-2016-10030, CVE-2019-19727, CVE-2019-19728, CVE-2020-12693