Detections
Analytics
SUSE SLES15: libnss_slurm2 / libpmi0 / libslurm36 / perl-slurm / slurm / etc (SUSE-SU-2021:2473-1)
high Nessus Plugin ID 152104
Language:
Synopsis
The remote SUSE host is missing a security update.Description
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:2473-1 advisory.Updated to 20.11.7
Summary of new features:
* CVE-2021-31215: Fixed a remote code execution as SlurmUser (bsc#1186024).
* slurmd - handle configless failures gracefully instead of hanging indefinitely.
* select/cons_tres - fix Dragonfly topology not selecting nodes in the same leaf switch when it should as well as requests with *-switches option.
* Fix issue where certain step requests wouldn't run if the first node in the job allocation was full and there were idle resources on other nodes in the job allocation.
* Fix deadlock issue with <Prolog|Epilog>Slurmctld.
* torque/qstat - fix printf error message in output.
* When adding associations or wckeys avoid checking multiple times a user or cluster name.
* Fix wrong jobacctgather information on a step on multiple nodes due to timeouts sending its the information gathered on its node.
* Fix missing xstrdup which could result in slurmctld segfault on array jobs.
* Fix security issue in PrologSlurmctld and EpilogSlurmctld by always prepending SPANK_ to all user-set environment variables. CVE-2021-31215.
* Fix sacct assert with the --qos option.
* Use pkg-config --atleast-version instead of --modversion for systemd.
* common/fd - fix getsockopt() call in fd_get_socket_error().
* Properly handle the return from fd_get_socket_error() in _conn_readable().
* cons_res - Fix issue where running jobs were not taken into consideration when creating a reservation.
* Avoid a deadlock between job_list for_each and assoc QOS_LOCK.
* Fix TRESRunMins usage for partition qos on restart/reconfig.
* Fix printing of number of tasks on a completed job that didn't request tasks.
* Fix updating GrpTRESRunMins when decrementing job time is bigger than it.
* Make it so we handle multithreaded allocations correctly when doing
--exclusive or --core-spec allocations.
* Fix incorrect round-up division in _pick_step_cores
* Use appropriate math to adjust cpu counts when --ntasks-per-core=1.
* cons_tres - Fix consideration of power downed nodes.
* cons_tres - Fix DefCpuPerGPU, increase cpus-per-task to match with gpus-per-task * cpus-per-gpu.
* Fix under-cpu memory auto-adjustment when MaxMemPerCPU is set.
* Make it possible to override CR_CORE_DEFAULT_DIST_BLOCK.
* Perl API - fix retrieving/storing of slurm_step_id_t in job_step_info_t.
* Recover state of burst buffers when slurmctld is restarted to avoid skipping burst buffer stages.
* Fix race condition in burst buffer plugin which caused a burst buffer in stage-in to not get state saved if slurmctld stopped.
* auth/jwt - print an error if jwt_file= has not been set in slurmdbd.
* Fix RESV_DEL_HOLD not being a valid state when using squeue --states.
* Add missing squeue selectable states in valid states error message.
* Fix scheduling last array task multiple times on error, causing segfault.
* Fix issue where a step could be allocated more memory than the job when dealing with --mem-per-cpu and --threads-per-core.
* Fix removing qos from assoc with -= can lead to assoc with no qos
* auth/jwt - fix segfault on invalid credential in slurmdbd due to missing validate_slurm_user() function in context.
* Fix single Port= not being applied to range of nodes in slurm.conf
* Fix Jobs not requesting a tres are not starting because of that tres limit.
* acct_gather_energy/rapl - fix AveWatts calculation.
* job_container/tmpfs - Fix issues with cleanup and slurmd restarting on running jobs.
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1180700
https://bugzilla.suse.com/1186024
Plugin Details
Severity: High
ID: 152104
File Name: suse_SU-2021-2473-1.nasl
Version: 1.6
Type: Local
Agent: unix
Family: SuSE Local Security Checks
Published: 7/27/2021
Updated: 6/25/2026
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, tenable_cloud_security, tenable_self_hosted_container_security, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2021-31215
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:slurm-torque, p-cpe:/a:novell:suse_linux:libnss_slurm2, p-cpe:/a:novell:suse_linux:slurm-rest, p-cpe:/a:novell:suse_linux:slurm-sql, p-cpe:/a:novell:suse_linux:libpmi0, p-cpe:/a:novell:suse_linux:slurm-doc, p-cpe:/a:novell:suse_linux:slurm-slurmdbd, p-cpe:/a:novell:suse_linux:perl-slurm, p-cpe:/a:novell:suse_linux:slurm-auth-none, p-cpe:/a:novell:suse_linux:slurm-sview, p-cpe:/a:novell:suse_linux:slurm-config-man, p-cpe:/a:novell:suse_linux:slurm-devel, p-cpe:/a:novell:suse_linux:slurm-webdoc, p-cpe:/a:novell:suse_linux:slurm-config, p-cpe:/a:novell:suse_linux:slurm-node, p-cpe:/a:novell:suse_linux:slurm-munge, p-cpe:/a:novell:suse_linux:slurm-plugins, p-cpe:/a:novell:suse_linux:libslurm36, p-cpe:/a:novell:suse_linux:slurm-lua, p-cpe:/a:novell:suse_linux:slurm, p-cpe:/a:novell:suse_linux:slurm-pam_slurm, cpe:/o:novell:suse_linux:15
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 7/27/2021
Vulnerability Publication Date: 5/13/2021
Reference Information
CVE: CVE-2021-31215
SuSE: SUSE-SU-2021:2473-1