Bugzilla – Bug 1159692
VUL-0: CVE-2019-19728: slurm: [HPC,SLURM,CVE-2019-19728] Due to Race srun may run as User root
Last modified: 2023-09-11 12:11:25 UTC
"srun --uid" may not always drop into the correct user account, and instead will print a warning message but launch the tasks as root. Note that "srun --uid" is only available to the root user, and that this issue is only shown by a race condition between successive lookup calls within the srun client command. SchedMD does not recommend use of the "srun --uid" option (e.g., it does not load the target user's environment but will export the root user's) and may remove this option in a future release. Announced on Dec 20, 2019: https://www.schedmd.com/news.php
This is an autogenerated message for OBS integration:
This bug (1159692) was mentioned in
https://build.opensuse.org/request/show/761961 Factory / slurm
SUSE-SU-2020:0110-1: An update that solves three vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1140709,1153095,1153259,1155784,1158696,1159692
CVE References: CVE-2019-12838,CVE-2019-19727,CVE-2019-19728
Sources used:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): slurm-18.08.9-3.10.1
  SUSE Linux Enterprise Module for HPC 15-SP1 (src): slurm-18.08.9-3.10.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0085-1: An update that solves three vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1140709,1153095,1153259,1155784,1158696,1159692
CVE References: CVE-2019-12838,CVE-2019-19727,CVE-2019-19728
Sources used:
  openSUSE Leap 15.1 (src): slurm-18.08.9-lp151.2.6.1
SUSE-SU-2020:0420-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1159692
CVE References: CVE-2019-19728
Sources used:
  SUSE Linux Enterprise Module for HPC 12 (src): slurm-17.02.11-6.39.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:0443-1: An update that solves 8 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1018371,1065697,1085240,1095508,1123304,1140709,1155784,1158709,1158798,1159692
CVE References: CVE-2016-10030,CVE-2017-15566,CVE-2018-10995,CVE-2018-7033,CVE-2019-12838,CVE-2019-19727,CVE-2019-19728,CVE-2019-6438
Sources used:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): pdsh-2.33-7.6.1
  SUSE Linux Enterprise Module for HPC 15-SP1 (src): pdsh-2.33-7.6.1
  SUSE Linux Enterprise Module for HPC 15 (src): pdsh-2.33-7.6.1, slurm_18_08-18.08.9-1.5.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Released.
SUSE-SU-2020:2607-1: An update that solves 9 vulnerabilities, contains four features and has 22 fixes is now available.
Category: security (moderate)
Bug References: 1007053,1018371,1031872,1041706,1065697,1084125,1084917,1085240,1085606,1086859,1088693,1090292,1095508,1100850,1103561,1108671,1109373,1116758,1123304,1140709,1153095,1153259,1155784,1158696,1159692,1161716,1162377,1164326,1164386,1172004,1173805
CVE References: CVE-2016-10030,CVE-2017-15566,CVE-2018-10995,CVE-2018-7033,CVE-2019-12838,CVE-2019-19727,CVE-2019-19728,CVE-2019-6438,CVE-2020-12693
JIRA References: SLE-10800,SLE-7341,SLE-7342,SLE-8491
Sources used:
  SUSE Linux Enterprise Module for HPC 12 (src): pdsh_slurm_18_08-2.34-7.26.2, pdsh_slurm_20_02-2.34-7.26.2, slurm_20_02-20.02.3-3.5.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0773-1: An update that fixes 11 vulnerabilities, contains one feature is now available.
Category: security (important)
Bug References: 1018371,1065697,1085240,1095508,1123304,1140709,1155784,1159692,1172004,1178890,1178891
CVE References: CVE-2016-10030,CVE-2017-15566,CVE-2018-10995,CVE-2018-7033,CVE-2019-12838,CVE-2019-19727,CVE-2019-19728,CVE-2019-6438,CVE-2020-12693,CVE-2020-27745,CVE-2020-27746
JIRA References: ECO-2412
Sources used:
  SUSE Linux Enterprise Module for HPC 12 (src): pdsh-2.34-7.32.1, pdsh_slurm_18_08-2.34-7.32.1, pdsh_slurm_20_02-2.34-7.32.1, pdsh_slurm_20_11-2.34-7.32.1, slurm_20_11-20.11.4-3.5.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.