SUSE-SU-2020:0110-1

CVE-2019-19728: Fixed a privilege escalation with srun, where --uid might have unintended side effects (bsc#1159692).
CVE-2019-12838: Fixed SchedMD Slurm SQL Injection issue (bnc#1140709).
CVE-2019-19727: Fixed permissions of slurmdbd.conf (bsc#1155784).

Bug fixes:

Fix ownership of /var/spool/slurm on new installations and upgrade (bsc#1158696).
Fix %posttrans macro resupdate to cope with added newline (bsc#1153259).
Move srun from 'slurm' to 'slurm-node': srun is required on the nodes as well so sbatch will work. 'slurm-node' is a requirement when 'slurm' is installed (bsc#1153095).

References

Affected packages

SUSE:Linux Enterprise Module for HPC 15 SP1 / slurm

Package

Name: slurm
Purl: pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.08.9-3.10.1

Ecosystem specific

{
    "binaries": [
        {
            "slurm-doc": "18.08.9-3.10.1",
            "slurm-auth-none": "18.08.9-3.10.1",
            "slurm-plugins": "18.08.9-3.10.1",
            "slurm-node": "18.08.9-3.10.1",
            "slurm-config": "18.08.9-3.10.1",
            "slurm-sview": "18.08.9-3.10.1",
            "perl-slurm": "18.08.9-3.10.1",
            "libpmi0": "18.08.9-3.10.1",
            "libslurm33": "18.08.9-3.10.1",
            "slurm-pam_slurm": "18.08.9-3.10.1",
            "slurm-torque": "18.08.9-3.10.1",
            "slurm-munge": "18.08.9-3.10.1",
            "slurm-devel": "18.08.9-3.10.1",
            "slurm-lua": "18.08.9-3.10.1",
            "slurm-slurmdbd": "18.08.9-3.10.1",
            "slurm-config-man": "18.08.9-3.10.1",
            "slurm-sql": "18.08.9-3.10.1",
            "slurm": "18.08.9-3.10.1"
        }
    ]
}