SUSE-FU-2025:0661-1: moderate: Feature update for slurm and pdsh
SLE-UPDATES
null at suse.de
Mon Feb 24 08:30:38 UTC 2025
# Feature update for slurm and pdsh
Announcement ID: SUSE-FU-2025:0661-1
Release Date: 2025-02-24T02:11:30Z
Rating: moderate
References:
* bsc#1236156
* bsc#1236722
* bsc#1236726
* bsc#1236928
* bsc#1236929
Cross-References:
* CVE-2024-42511
* CVE-2024-48936
CVSS scores:
* CVE-2024-48936 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products:
* HPC Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
An update that solves two vulnerabilities and has three fixes can now be
installed.
## Description:
This update for slurm and pdsh fixes the following issues:
slurm was updated to version 24.11.1 using package slurm_24_11:
* Security issues fixed:
* CVE-2024-48936: Fixed authentication handling in stepmgr that could permit
an attacker to execute processes under other users' jobs (bsc#1236722)
* CVE-2024-42511: Fixed vulnerability with switch plugins where a user could
override the isolation between Slingshot VNIs or IMEX channels (bsc#1236726)
* Important remarks:
* Slurm can be upgraded from version 23.02, 23.11 or 24.05 to version 24.11
without loss of jobs or other state information. Upgrading directly from an
earlier version of Slurm will result in loss of state information.
* If using the `slurmdbd` (Slurm DataBase Daemon) you must update this first.
* The 24.11 `slurmdbd` will work with Slurm daemons of version 23.02 and
above. You will not need to update all clusters at the same time, but it is
very important to update `slurmdbd` first and having it running before
updating any other clusters making use of it.
* If using a backup DBD you must start the primary first to do any database
conversion, the backup will not start until this has happened.
* All SPANK plugins must be recompiled when upgrading from any Slurm version
prior to 24.11.
* Highlights of changes:
* Fixed issues related to the modified startup handling for slurmdbd: moved
PID file to `/run/slurmdbd` (bsc#1236928)
* Create slurm-owned log file on behalf of slurmdbd (bsc#1236929)
* Added report AccountUtilizationByQOS to sreport.
* `AccountUtilizationByUser` is able to be filtered by QOS.
* Added autodetected gpus to the output of `slurmd -C`
* Added ability to submit jobs with multiple QOS. These are sorted by priority
highest being the first.
* Removed the instant on feature from `switch/hpe_slingshot`.
* `slurmctld` : Changed incoming RPC handling to dedicated thread pool with
asynchronous handling of I/O that can be configured via `conmgr_*` entries
under `SlurmctldParameters` in `slurm.conf`.
* Configuration File Changes (see appropriate man page for details)
* Added `SchedulerParameters=bf_allow_magnetic_slot` option. It allows jobs in
magnetic reservations to be planned by backfill scheduler.
* Added `TopologyParam=TopoMaxSizeUnroll=#` to allow
`--nodes=<min>-<max>` for `topology/block`.
* Added `DataParserParameters` `slurm.conf` parameter to allow setting default
value for CLI `--json` and `--yaml` arguments.
* Hardware collectives in `switch/hpe_slingshot` now requires
`enable_stepmgr`.
* Added connection related parameters to `slurm.conf` under
`SlurmctldParameters`:
`conmgr_max_connections`: Defaults to 150 connections.
`conmgr_threads`: Defaults to 64 threads for slurmctld.
`conmgr_use_poll`: Defaults is to use epoll in Linux.
`conmgr_connect_timeout`: Defaults to `MessageTimeout`.
`conmgr_read_timeout`: Defaults to `MessageTimeout`.
`conmgr_wait_write_delay`: Defaults to `MessageTimeout`.
`conmgr_write_timeout`: Defaults to MessageTimeout.
* Added `SlurmctldParamters=ignore_constraint_validation` to ignore
`constraint/feature` validation at submission.
* Added `SchedulerParameters=bf_topopt_enable` option to enable experimental
hook to control backfill.
* Command Changes (see man pages for details):
* Remove srun `--cpu-bind=rank`.
* Add `"%b"` as a file name pattern for the array task id modulo 10.
* `sacct` : Respect `--noheader` for `--batch-script` and `--env-vars`.
* Add `sacctmgr ping` command to query status of `slurmdbd`.
* `sbcast` : Add `--nodelist` option to specify where files are transmitted to
* `sbcast` : Add `--no-allocation` option to transmit files to nodes outside
of a job allocation.
* `slurmdbd` : Add `-u` option. This is used to determine if restarting the
DBD will result in database conversion.
* Remove `salloc --get-user-env`.
* `scontrol` : Add `--json`/`--yaml` support to `listpids`.
* `scontrol` : Add `liststeps`.
* `scontrol` : Add `listjobs`.
* `scontrol show topo` : Show aggregated block sizes when using
topology/block.
* API Changes:
* Remove `burst_buffer/lua` call `slurm.job_info_to_string()`.
* `job_submit/lua` : Add `assoc_qos` attribute to `job_desc` to display all
potential QOS's for a job's association.
* `job_submit/lua` : Add `slurm.get_qos_priority()` function to retrieve the
given QOS's priority.
* SLURMRESTD Changes:
* Removed fields deprecated in the Slurm-23.11 release from v0.0.42 endpoints.
* Removed v0.0.39 plugins.
* Set `data_parser/v0.0.42+prefer_refs` flag to default.
* Add `data_parser/v0.0.42+minimize_refs` flag to inline single referenced
schemas in the OpenAPI schema to get default behavior of
`data_parser/v0.0.41`.
* Rename v0.0.42 `JOB_INFO` field `minimum_switches` to `required_switches` to
reflect the actual behavior.
* Rename v0.0.42 `ACCOUNT_CONDITION` field `assocation` to `association`
(typo).
* Tag `slurmdb/v0.0.42/jobs pid` field deprecated.
* For details on the changes in this version update, consult Slurm 24.11
changelog
pdsh was updated from version 2.34 to 2.35:
* IMPORTANT NOTE: pdsh version 2.35 is not compatible with Slurm versions
below 20.11
* Key changes of version 2.35:
* Added `-d` option to log errors
* build: use LDADD instead of LDFLAGS for libcommon.la
* dsbak: fixed handling of empty input lines
* ssh: fixed sshcmd_signal on macos
* Other changes:
* Fixed version test for munge build (bsc#1236156)
* Dropped Slurm support for s390x and i586: Slurm no longer builds for s390x
or 32bit
* Implementation of package `pdsh-slurm_24_11` compatible with Slurm 24.11
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* HPC Module 12
zypper in -t patch SUSE-SLE-Module-HPC-12-2025-661=1
## Package List:
* HPC Module 12 (aarch64 x86_64)
* slurm_24_11-torque-24.11.1-3.5.3
* pdsh-slurm_23_02-debuginfo-2.35-7.44.1
* slurm_24_11-24.11.1-3.5.3
* slurm_24_11-slurmdbd-24.11.1-3.5.3
* pdsh_slurm_24_11-debugsource-2.35-7.44.4
* pdsh-genders-2.35-7.44.1
* libpmi0_24_11-24.11.1-3.5.3
* pdsh_slurm_20_11-debugsource-2.35-7.44.1
* pdsh-machines-debuginfo-2.35-7.44.1
* slurm_24_11-auth-none-debuginfo-24.11.1-3.5.3
* pdsh-dshgroup-2.35-7.44.1
* pdsh_slurm_23_02-debugsource-2.35-7.44.1
* perl-slurm_24_11-debuginfo-24.11.1-3.5.3
* pdsh-debuginfo-2.35-7.44.1
* slurm_24_11-sql-24.11.1-3.5.3
* pdsh-slurm_22_05-debuginfo-2.35-7.44.1
* libslurm42-24.11.1-3.5.3
* slurm_24_11-pam_slurm-debuginfo-24.11.1-3.5.3
* slurm_24_11-slurmdbd-debuginfo-24.11.1-3.5.3
* pdsh-genders-debuginfo-2.35-7.44.1
* libslurm42-debuginfo-24.11.1-3.5.3
* slurm_24_11-cray-24.11.1-3.5.3
* pdsh-slurm_23_02-2.35-7.44.1
* slurm_24_11-auth-none-24.11.1-3.5.3
* pdsh-slurm_22_05-2.35-7.44.1
* slurm_24_11-pam_slurm-24.11.1-3.5.3
* slurm_24_11-node-debuginfo-24.11.1-3.5.3
* slurm_24_11-devel-24.11.1-3.5.3
* pdsh-slurm_20_11-2.35-7.44.1
* libnss_slurm2_24_11-24.11.1-3.5.3
* pdsh-debugsource-2.35-7.44.1
* slurm_24_11-sql-debuginfo-24.11.1-3.5.3
* slurm_24_11-sview-24.11.1-3.5.3
* slurm_24_11-torque-debuginfo-24.11.1-3.5.3
* slurm_24_11-lua-debuginfo-24.11.1-3.5.3
* pdsh-2.35-7.44.1
* pdsh-machines-2.35-7.44.1
* pdsh-netgroup-2.35-7.44.1
* slurm_24_11-lua-24.11.1-3.5.3
* slurm_24_11-node-24.11.1-3.5.3
* libnss_slurm2_24_11-debuginfo-24.11.1-3.5.3
* perl-slurm_24_11-24.11.1-3.5.3
* libpmi0_24_11-debuginfo-24.11.1-3.5.3
* slurm_24_11-plugins-24.11.1-3.5.3
* slurm_24_11-plugins-debuginfo-24.11.1-3.5.3
* pdsh-dshgroup-debuginfo-2.35-7.44.1
* pdsh-slurm_24_11-2.35-7.44.4
* pdsh-slurm_20_11-debuginfo-2.35-7.44.1
* slurm_24_11-sview-debuginfo-24.11.1-3.5.3
* pdsh-netgroup-debuginfo-2.35-7.44.1
* pdsh_slurm_22_05-debugsource-2.35-7.44.1
* pdsh-slurm_24_11-debuginfo-2.35-7.44.4
* slurm_24_11-debuginfo-24.11.1-3.5.3
* slurm_24_11-munge-24.11.1-3.5.3
* slurm_24_11-munge-debuginfo-24.11.1-3.5.3
* HPC Module 12 (noarch)
* slurm_24_11-config-24.11.1-3.5.3
* slurm_24_11-webdoc-24.11.1-3.5.3
* slurm_24_11-doc-24.11.1-3.5.3
* slurm_24_11-config-man-24.11.1-3.5.3
## References:
* https://www.suse.com/security/cve/CVE-2024-42511.html
* https://www.suse.com/security/cve/CVE-2024-48936.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236156
* https://bugzilla.suse.com/show_bug.cgi?id=1236722
* https://bugzilla.suse.com/show_bug.cgi?id=1236726
* https://bugzilla.suse.com/show_bug.cgi?id=1236928
* https://bugzilla.suse.com/show_bug.cgi?id=1236929
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20250224/1f653acb/attachment.htm>
More information about the sle-updates
mailing list