SUSE-SU-2020:2607-1: moderate: Security update for pdsh, slurm_20_02
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Sep 11 04:35:31 MDT 2020
SUSE Security Update: Security update for pdsh, slurm_20_02
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:2607-1
Rating: moderate
References: #1007053 #1018371 #1031872 #1041706 #1065697
#1084125 #1084917 #1085240 #1085606 #1086859
#1088693 #1090292 #1095508 #1100850 #1103561
#1108671 #1109373 #1116758 #1123304 #1140709
#1153095 #1153259 #1155784 #1158696 #1159692
#1161716 #1162377 #1164326 #1164386 #1172004
#1173805 SLE-10800 SLE-7341 SLE-7342 SLE-8491
Cross-References: CVE-2016-10030 CVE-2017-15566 CVE-2018-10995
CVE-2018-7033 CVE-2019-12838 CVE-2019-19727
CVE-2019-19728 CVE-2019-6438 CVE-2020-12693
Affected Products:
SUSE Linux Enterprise Module for HPC 12
______________________________________________________________________________
An update that solves 9 vulnerabilities, contains four
features and has 22 fixes is now available.
Description:
This update for pdsh, slurm_20_02 fixes the following issues:
Changes in slurm_20_02:
- Add support for openPMIx also for Leap/SLE 15.0/1 (bsc#1173805).
- Do not run %check on SLE-12-SP2: Some incompatibility in tcl makes this
fail.
- Remove unneeded build dependency to postgresql-devel.
- Disable build on s390 (requires 64bit).
- Bring QA to the package build: add %%check stage.
- Remove cruft that isn't needed any longer.
- Add 'ghosted' run-file.
- Add rpmlint filter to handle issues with library packages for Leap and
enterprise upgrade versions.
- Updated to 20.02.3 which fixes CVE-2020-12693 (bsc#1172004).
- Other changes are:
* Factor in ntasks-per-core=1 with cons_tres.
* Fix formatting in error message in cons_tres.
* Fix calling stat on a NULL variable.
* Fix minor memory leak when using reservations with flags=first_cores.
* Fix gpu bind issue when CPUs=Cores and ThreadsPerCore > 1 on a node.
* Fix --mem-per-gpu for heterogenous --gres requests.
* Fix slurmctld load order in load_all_part_state().
* Fix race condition not finding jobacct gather task cgroup entry.
* Suppress error message when selecting nodes on disjoint topologies.
* Improve performance of _pack_default_job_details() with large number of
job
* arguments.
* Fix archive loading previous to 17.11 jobs per-node req_mem.
* Fix regresion validating that --gpus-per-socket requires
--sockets-per-node
* for steps. Should only validate allocation requests.
* error() instead of fatal() when parsing an invalid hostlist.
* nss_slurm - fix potential deadlock in slurmstepd on overloaded systems.
* cons_tres - fix --gres-flags=enforce-binding and related
--cpus-per-gres.
* cons_tres - Allocate lowest numbered cores when filtering cores with
gres.
* Fix getting system counts for named GRES/TRES.
* MySQL - Fix for handing typed GRES for association rollups.
* Fix step allocations when tasks_per_core > 1.
* Fix allocating more GRES than requested when asking for multiple GRES
types.
- Treat libnss_slurm like any other package: add version string to upgrade
package.
- Updated to 20.02.1 with following changes"
* Improve job state reason for jobs hitting partition_job_depth.
* Speed up testing of singleton dependencies.
* Fix negative loop bound in cons_tres.
* srun - capture the MPI plugin return code from mpi_hook_client_fini()
and use as final return code for step failure.
* Fix segfault in cli_filter/lua.
* Fix --gpu-bind=map_gpu reusability if tasks > elements.
* Make sure config_flags on a gres are sent to the slurmctld on node
registration.
* Prolog/Epilog - Fix missing GPU information.
* Fix segfault when using config parser for expanded lines.
* Fix bit overlap test function.
* Don't accrue time if job begin time is in the future.
* Remove accrue time when updating a job start/eligible time to the
future.
* Fix regression in 20.02.0 that broke --depend=expand.
* Reset begin time on job release if it's not in the future.
* Fix for recovering burst buffers when using high-availability.
* Fix invalid read due to freeing an incorrectly allocated env array.
* Update slurmctld -i message to warn about losing data.
* Fix scontrol cancel_reboot so it clears the DRAIN flag and node reason
for a pending ASAP reboot.
Changes in pdsh:
- Bring QA to the package build: add %%check stage
- Since the build for the SLE-12 HPC Module got fixed, simplify spec file
and remove legacy workarounds.
- Remove _multibuild file where not needed.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for HPC 12:
zypper in -t patch SUSE-SLE-Module-HPC-12-2020-2607=1
Package List:
- SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64):
libnss_slurm2_20_02-20.02.3-3.5.1
libnss_slurm2_20_02-debuginfo-20.02.3-3.5.1
libpmi0_20_02-20.02.3-3.5.1
libpmi0_20_02-debuginfo-20.02.3-3.5.1
libslurm35-20.02.3-3.5.1
libslurm35-debuginfo-20.02.3-3.5.1
pdsh-slurm_18_08-2.34-7.26.2
pdsh-slurm_18_08-debuginfo-2.34-7.26.2
pdsh-slurm_20_02-2.34-7.26.2
pdsh-slurm_20_02-debuginfo-2.34-7.26.2
perl-slurm_20_02-20.02.3-3.5.1
perl-slurm_20_02-debuginfo-20.02.3-3.5.1
slurm_20_02-20.02.3-3.5.1
slurm_20_02-auth-none-20.02.3-3.5.1
slurm_20_02-auth-none-debuginfo-20.02.3-3.5.1
slurm_20_02-config-20.02.3-3.5.1
slurm_20_02-config-man-20.02.3-3.5.1
slurm_20_02-debuginfo-20.02.3-3.5.1
slurm_20_02-debugsource-20.02.3-3.5.1
slurm_20_02-devel-20.02.3-3.5.1
slurm_20_02-doc-20.02.3-3.5.1
slurm_20_02-lua-20.02.3-3.5.1
slurm_20_02-lua-debuginfo-20.02.3-3.5.1
slurm_20_02-munge-20.02.3-3.5.1
slurm_20_02-munge-debuginfo-20.02.3-3.5.1
slurm_20_02-node-20.02.3-3.5.1
slurm_20_02-node-debuginfo-20.02.3-3.5.1
slurm_20_02-pam_slurm-20.02.3-3.5.1
slurm_20_02-pam_slurm-debuginfo-20.02.3-3.5.1
slurm_20_02-plugins-20.02.3-3.5.1
slurm_20_02-plugins-debuginfo-20.02.3-3.5.1
slurm_20_02-slurmdbd-20.02.3-3.5.1
slurm_20_02-slurmdbd-debuginfo-20.02.3-3.5.1
slurm_20_02-sql-20.02.3-3.5.1
slurm_20_02-sql-debuginfo-20.02.3-3.5.1
slurm_20_02-sview-20.02.3-3.5.1
slurm_20_02-sview-debuginfo-20.02.3-3.5.1
slurm_20_02-torque-20.02.3-3.5.1
slurm_20_02-torque-debuginfo-20.02.3-3.5.1
References:
https://www.suse.com/security/cve/CVE-2016-10030.html
https://www.suse.com/security/cve/CVE-2017-15566.html
https://www.suse.com/security/cve/CVE-2018-10995.html
https://www.suse.com/security/cve/CVE-2018-7033.html
https://www.suse.com/security/cve/CVE-2019-12838.html
https://www.suse.com/security/cve/CVE-2019-19727.html
https://www.suse.com/security/cve/CVE-2019-19728.html
https://www.suse.com/security/cve/CVE-2019-6438.html
https://www.suse.com/security/cve/CVE-2020-12693.html
https://bugzilla.suse.com/1007053
https://bugzilla.suse.com/1018371
https://bugzilla.suse.com/1031872
https://bugzilla.suse.com/1041706
https://bugzilla.suse.com/1065697
https://bugzilla.suse.com/1084125
https://bugzilla.suse.com/1084917
https://bugzilla.suse.com/1085240
https://bugzilla.suse.com/1085606
https://bugzilla.suse.com/1086859
https://bugzilla.suse.com/1088693
https://bugzilla.suse.com/1090292
https://bugzilla.suse.com/1095508
https://bugzilla.suse.com/1100850
https://bugzilla.suse.com/1103561
https://bugzilla.suse.com/1108671
https://bugzilla.suse.com/1109373
https://bugzilla.suse.com/1116758
https://bugzilla.suse.com/1123304
https://bugzilla.suse.com/1140709
https://bugzilla.suse.com/1153095
https://bugzilla.suse.com/1153259
https://bugzilla.suse.com/1155784
https://bugzilla.suse.com/1158696
https://bugzilla.suse.com/1159692
https://bugzilla.suse.com/1161716
https://bugzilla.suse.com/1162377
https://bugzilla.suse.com/1164326
https://bugzilla.suse.com/1164386
https://bugzilla.suse.com/1172004
https://bugzilla.suse.com/1173805
More information about the sle-security-updates
mailing list