{"affected":[{"ecosystem_specific":{"binaries":[{"libnss_slurm2_20_02":"20.02.6-3.8.1","libpmi0_20_02":"20.02.6-3.8.1","libslurm35":"20.02.6-3.8.1","perl-slurm_20_02":"20.02.6-3.8.1","slurm_20_02":"20.02.6-3.8.1","slurm_20_02-auth-none":"20.02.6-3.8.1","slurm_20_02-config":"20.02.6-3.8.1","slurm_20_02-config-man":"20.02.6-3.8.1","slurm_20_02-devel":"20.02.6-3.8.1","slurm_20_02-doc":"20.02.6-3.8.1","slurm_20_02-lua":"20.02.6-3.8.1","slurm_20_02-munge":"20.02.6-3.8.1","slurm_20_02-node":"20.02.6-3.8.1","slurm_20_02-pam_slurm":"20.02.6-3.8.1","slurm_20_02-plugins":"20.02.6-3.8.1","slurm_20_02-slurmdbd":"20.02.6-3.8.1","slurm_20_02-sql":"20.02.6-3.8.1","slurm_20_02-sview":"20.02.6-3.8.1","slurm_20_02-torque":"20.02.6-3.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for HPC 12","name":"slurm_20_02","purl":"pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20.02.6-3.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for slurm_20_02 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-27745: Fixed a potential buffer overflow from use of unpackmem (bsc#1178890).\n- CVE-2020-27746: Fixed a potential leak of the magic cookie when sent as an argument to the xauth command (bsc#1178891).\n\nNon-security issues fixed:\n\n- Updated to 20.02.6. Full log and details available at:\n  * https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html\n\n- Updated to 20.02.5, changes:\n * Fix leak of TRESRunMins when job time is changed with --time-min\n * pam_slurm - explicitly initialize slurm config to support configless mode.\n * scontrol - Fix exit code when creating/updating reservations with wrong\n   Flags.\n * When a GRES has a no_consume flag, report 0 for allocated.\n * Fix cgroup cleanup by jobacct_gather/cgroup.\n * When creating reservations/jobs don't allow counts on a feature unless\n   using an XOR.\n * Improve number of boards discovery\n * Fix updating a reservation NodeCnt on a zero-count reservation.\n * slurmrestd - provide an explicit error messages when PSK auth fails.\n * cons_tres - fix job requesting single gres per-node getting two or more\n   nodes with less CPUs than requested per-task.\n * cons_tres - fix calculation of cores when using gres and cpus-per-task.\n * cons_tres - fix job not getting access to socket without GPU or with less\n   than --gpus-per-socket when not enough cpus available on required socket\n   and not using --gres-flags=enforce binding.\n * Fix HDF5 type version build error.\n * Fix creation of CoreCnt only reservations when the first node isn't\n   available.\n * Fix wrong DBD Agent queue size in sdiag when using accounting_storage/none.\n * Improve job constraints XOR option logic.\n * Fix preemption of hetjobs when needed nodes not in leader component.\n * Fix wrong bit_or() messing potential preemptor jobs node bitmap, causing\n   bad node deallocations and even allocation of nodes from other partitions.\n * Fix double-deallocation of preempted non-leader hetjob components.\n * slurmdbd - prevent truncation of the step nodelists over 4095.\n * Fix nodes remaining in drain state state after rebooting with ASAP option.\n - changes from 20.02.4:\n * srun - suppress job step creation warning message when waiting on\n   PrologSlurmctld.\n * slurmrestd - fix incorrect return values in data_list_for_each() functions.\n * mpi/pmix - fix issue where HetJobs could fail to launch.\n * slurmrestd - set content-type header in responses.\n * Fix cons_res GRES overallocation for --gres-flags=disable-binding.\n * Fix cons_res incorrectly filtering cores with respect to GRES locality for\n   --gres-flags=disable-binding requests.\n * Fix regression where a dependency on multiple jobs in a single array using\n   underscores would only add the first job.\n * slurmrestd - fix corrupted output due to incorrect use of memcpy().\n * slurmrestd - address a number of minor Coverity warnings.\n * Handle retry failure when slurmstepd is communicating with srun correctly.\n * Fix jobacct_gather possibly duplicate stats when _is_a_lwp error shows up.\n * Fix tasks binding to GRES which are closest to the allocated CPUs.\n * Fix AMD GPU ROCM 3.5 support.\n * Fix handling of job arrays in sacct when querying specific steps.\n * slurmrestd - avoid fallback to local socket authentication if JWT\n   authentication is ill-formed.\n * slurmrestd - restrict ability of requests to use different authentication\n   plugins.\n * slurmrestd - unlink named unix sockets before closing.\n * slurmrestd - fix invalid formatting in openapi.json.\n * Fix batch jobs stuck in CF state on FrontEnd mode.\n * Add a separate explicit error message when rejecting changes to active node\n   features.\n * cons_common/job_test - fix slurmctld SIGABRT due to double-free.\n * Fix updating reservations to set the duration correctly if updating the\n   start time.\n * Fix update reservation to promiscuous mode.\n * Fix override of job tasks count to max when ntasks-per-node present.\n * Fix min CPUs per node not being at least CPUs per task requested.\n * Fix CPUs allocated to match CPUs requested when requesting GRES and\n   threads per core equal to one.\n * Fix NodeName config parsing with Boards and without CPUs.\n * Ensure SLURM_JOB_USER and SLURM_JOB_UID are set in SrunProlog/Epilog.\n * Fix error messages for certain invalid salloc/sbatch/srun options.\n * pmi2 - clean up sockets at step termination.\n * Fix 'scontrol hold' to work with 'JobName'.\n * sbatch - handle --uid/--gid in #SBATCH directives properly.\n * Fix race condition in job termination on slurmd.\n * Print specific error messages if trying to run use certain\n   priority/multifactor factors that cannot work without SlurmDBD.\n * Avoid partial GRES allocation when --gpus-per-job is not satisfied.\n * Cray - Avoid referencing a variable outside of it's correct scope when\n   dealing with creating steps within a het job.\n * slurmrestd - correctly handle larger addresses from accept().\n * Avoid freeing wrong pointer with SlurmctldParameters=max_dbd_msg_action\n   with another option after that.\n * Restore MCS label when suspended job is resumed.\n * Fix insufficient lock levels.\n * slurmrestd - use errno from job submission.\n * Fix 'user' filter for sacctmgr show transactions.\n * Fix preemption logic.\n * Fix no_consume GRES for exclusive (whole node) requests.\n * Fix regression in 20.02 that caused an infinite loop in slurmctld when\n   requesting --distribution=plane for the job.\n * Fix parsing of the --distribution option.\n * Add CONF READ_LOCK to _handle_fed_send_job_sync.\n * prep/script - always call slurmctld PrEp callback in _run_script().\n * Fix node estimation for jobs that use GPUs or --cpus-per-task.\n * Fix jobcomp, job_submit and cli_filter Lua implementation plugins causing\n   slurmctld and/or job submission CLI tools segfaults due to bad return\n   handling when the respective Lua script failed to load.\n * Fix propagation of gpu options through hetjob components.\n * Add SLURM_CLUSTERS environment variable to scancel.\n * Fix packing/unpacking of 'unlinked' jobs.\n * Connect slurmstepd's stderr to srun for steps launched with --pty.\n * Handle MPS correctly when doing exclusive allocations.\n * slurmrestd - fix compiling against libhttpparser in a non-default path.\n * slurmrestd - avoid compilation issues with libhttpparser < 2.6.\n * Fix compile issues when compiling slurmrestd without --enable-debug.\n * Reset idle time on a reservation that is getting purged.\n * Fix reoccurring reservations that have Purge_comp= to keep correct\n   duration if they are purged.\n * scontrol - changed the 'PROMISCUOUS' flag to 'MAGNETIC'\n * Early return from epilog_set_env in case of no_consume.\n * Fix cons_common/job_test start time discovery logic to prevent skewed\n   results between 'will run test' executions.\n * Ensure TRESRunMins limits are maintained during 'scontrol reconfigure'.\n * Improve error message when host lookup fails.\n","id":"SUSE-SU-2020:3892-1","modified":"2020-12-21T09:57:06Z","published":"2020-12-21T09:57:06Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20203892-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178890"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178891"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27745"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27746"}],"related":["CVE-2020-27745","CVE-2020-27746"],"summary":"Security update for slurm_20_02","upstream":["CVE-2020-27745","CVE-2020-27746"]}