Bug 1178890 (CVE-2020-27745)

Summary: VUL-0: CVE-2020-27745: slurm,slurmlibs,slurm_18_08,slurm_20_02: potential buffer overflows from use of unpackmem()
Product: [Novell Products] SUSE Security Incidents Reporter: Wolfgang Frisch <wolfgang.frisch>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/271753/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-27745:8.8:(AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Wolfgang Frisch 2020-11-17 13:33:17 UTC
CVE-2020-27745

A review of Slurm's RPC handling code uncovered a potential buffer overflow with one utility function. The only affected use is in Slurm's PMIx MPI plugin, and a job would only be vulnerable if --mpi=pmix was requested, or the site has set MpiDefault=pmix in slurm.conf.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1898121
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27745
Comment 2 OBSbugzilla Bot 2020-11-18 12:20:19 UTC
This is an autogenerated message for OBS integration:
This bug (1178890) was mentioned in
https://build.opensuse.org/request/show/849278 15.2 / slurm
Comment 4 OBSbugzilla Bot 2020-11-18 19:50:06 UTC
This is an autogenerated message for OBS integration:
This bug (1178890) was mentioned in
https://build.opensuse.org/request/show/849302 15.1 / slurm
Comment 5 Egbert Eich 2020-11-23 14:33:41 UTC
There are some issues with above submissions:
1. Requests 230852 (18.08), 230865 (20.02) are correct.
2. No submission for Leap. This will be handled thru SLE.
3. We need more. The support matrix looks as follows: 
   Slurm       SLE Release/
   version     Service Pack
   20.02    [15.2]/15.1/12.2
   18.08    [15.1]/15.0/12.2
   17.11    [15.0]
   17.02    [12.2]
   
The release/SPs marked with [...] ship the mentioned Slurm version as base
version, in this case the name is not appended by a _version ID (ie slurm, slurm-config ...). Any service pack not specifically marked ships the mentioned Slurm version as an upgrade package, here the version (with '.' replaced by '_') is appended to the package name: (slurm_20_02, slurm_20_02-config ...).

One should be able to do:
iosc mbranch slurm
iosc mbranch slurm_20_02
...
to get the correct versions for maintenance.
Comment 6 Egbert Eich 2020-11-23 14:40:19 UTC
I've updated the version matrix on 
https://confluence.suse.com/display/HPCTeam/SLURM+Version+Update+Policy+on+SLE+HPC
as well.
Comment 7 Swamp Workflow Management 2020-11-24 20:16:08 UTC
SUSE-SU-2020:3505-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1178890,1178891
CVE References: CVE-2020-27745,CVE-2020-27746
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for HPC 15-SP1 (src):    slurm-18.08.9-3.16.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2020-11-24 20:23:07 UTC
SUSE-SU-2020:3506-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1173805,1178890,1178891
CVE References: CVE-2020-27745,CVE-2020-27746
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for HPC 15-SP2 (src):    slurm-20.02.6-3.3.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-11-26 17:38:40 UTC
openSUSE-SU-2020:2033-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1178890,1178891
CVE References: CVE-2020-27745,CVE-2020-27746
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    slurm-18.08.9-lp151.2.14.1
Comment 10 Swamp Workflow Management 2020-11-27 02:15:30 UTC
openSUSE-SU-2020:2056-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1173805,1178890,1178891
CVE References: CVE-2020-27745,CVE-2020-27746
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    slurm-20.02.6-lp152.2.3.1
Comment 14 Swamp Workflow Management 2020-12-17 14:21:28 UTC
SUSE-SU-2020:3863-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1178890,1178891
CVE References: CVE-2020-27745,CVE-2020-27746
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for HPC 12 (src):    slurm_18_08-18.08.9-3.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2020-12-18 20:16:06 UTC
SUSE-SU-2020:3877-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1178890,1178891
CVE References: CVE-2020-27745,CVE-2020-27746
JIRA References: 
Sources used:
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    slurm_18_08-18.08.9-1.11.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    slurm_18_08-18.08.9-1.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2020-12-18 20:18:23 UTC
SUSE-SU-2020:3878-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1153259,1155784,1178890,1178891
CVE References: CVE-2020-27745,CVE-2020-27746
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for HPC 15-SP1 (src):    slurm-17.11.13-6.34.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    slurm-17.11.13-6.34.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    slurm-17.11.13-6.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2020-12-19 14:15:02 UTC
openSUSE-SU-2020:2286-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1178890,1178891
CVE References: CVE-2020-27745,CVE-2020-27746
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    slurm-18.08.9-lp151.6.1
Comment 18 Swamp Workflow Management 2020-12-21 14:20:34 UTC
SUSE-SU-2020:3892-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1178890,1178891
CVE References: CVE-2020-27745,CVE-2020-27746
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for HPC 12 (src):    slurm_20_02-20.02.6-3.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Swamp Workflow Management 2021-01-15 14:22:30 UTC
SUSE-SU-2021:0139-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1178890,1178891
CVE References: CVE-2020-27745,CVE-2020-27746
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for HPC 15-SP1 (src):    slurm_20_02-20.02.6-3.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2021-01-17 14:15:04 UTC
openSUSE-SU-2021:0096-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1178890,1178891
CVE References: CVE-2020-27745,CVE-2020-27746
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    slurm-18.08.9-lp152.5.1
Comment 23 Swamp Workflow Management 2021-01-18 14:25:03 UTC
SUSE-SU-2021:0155-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1178890
CVE References: CVE-2020-27745
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for HPC 12 (src):    slurm-17.02.11-6.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Wolfgang Frisch 2021-01-28 13:55:55 UTC
Released.
Comment 28 Swamp Workflow Management 2021-03-12 17:18:32 UTC
SUSE-SU-2021:0773-1: An update that fixes 11 vulnerabilities, contains one feature is now available.

Category: security (important)
Bug References: 1018371,1065697,1085240,1095508,1123304,1140709,1155784,1159692,1172004,1178890,1178891
CVE References: CVE-2016-10030,CVE-2017-15566,CVE-2018-10995,CVE-2018-7033,CVE-2019-12838,CVE-2019-19727,CVE-2019-19728,CVE-2019-6438,CVE-2020-12693,CVE-2020-27745,CVE-2020-27746
JIRA References: ECO-2412
Sources used:
SUSE Linux Enterprise Module for HPC 12 (src):    pdsh-2.34-7.32.1, pdsh_slurm_18_08-2.34-7.32.1, pdsh_slurm_20_02-2.34-7.32.1, pdsh_slurm_20_11-2.34-7.32.1, slurm_20_11-20.11.4-3.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.