Bugzilla – Bug 1178890
VUL-0: CVE-2020-27745: slurm,slurmlibs,slurm_18_08,slurm_20_02: potential buffer overflows from use of unpackmem()
Last modified: 2022-11-04 15:10:12 UTC
CVE-2020-27745 A review of Slurm's RPC handling code uncovered a potential buffer overflow with one utility function. The only affected use is in Slurm's PMIx MPI plugin, and a job would only be vulnerable if --mpi=pmix was requested, or the site has set MpiDefault=pmix in slurm.conf. References: https://bugzilla.redhat.com/show_bug.cgi?id=1898121 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27745
This is an autogenerated message for OBS integration: This bug (1178890) was mentioned in https://build.opensuse.org/request/show/849278 15.2 / slurm
This is an autogenerated message for OBS integration: This bug (1178890) was mentioned in https://build.opensuse.org/request/show/849302 15.1 / slurm
There are some issues with above submissions: 1. Requests 230852 (18.08), 230865 (20.02) are correct. 2. No submission for Leap. This will be handled thru SLE. 3. We need more. The support matrix looks as follows: Slurm SLE Release/ version Service Pack 20.02 [15.2]/15.1/12.2 18.08 [15.1]/15.0/12.2 17.11 [15.0] 17.02 [12.2] The release/SPs marked with [...] ship the mentioned Slurm version as base version, in this case the name is not appended by a _version ID (ie slurm, slurm-config ...). Any service pack not specifically marked ships the mentioned Slurm version as an upgrade package, here the version (with '.' replaced by '_') is appended to the package name: (slurm_20_02, slurm_20_02-config ...). One should be able to do: iosc mbranch slurm iosc mbranch slurm_20_02 ... to get the correct versions for maintenance.
I've updated the version matrix on https://confluence.suse.com/display/HPCTeam/SLURM+Version+Update+Policy+on+SLE+HPC as well.
SUSE-SU-2020:3505-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1178890,1178891 CVE References: CVE-2020-27745,CVE-2020-27746 JIRA References: Sources used: SUSE Linux Enterprise Module for HPC 15-SP1 (src): slurm-18.08.9-3.16.4 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3506-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1173805,1178890,1178891 CVE References: CVE-2020-27745,CVE-2020-27746 JIRA References: Sources used: SUSE Linux Enterprise Module for HPC 15-SP2 (src): slurm-20.02.6-3.3.4 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:2033-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1178890,1178891 CVE References: CVE-2020-27745,CVE-2020-27746 JIRA References: Sources used: openSUSE Leap 15.1 (src): slurm-18.08.9-lp151.2.14.1
openSUSE-SU-2020:2056-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1173805,1178890,1178891 CVE References: CVE-2020-27745,CVE-2020-27746 JIRA References: Sources used: openSUSE Leap 15.2 (src): slurm-20.02.6-lp152.2.3.1
SUSE-SU-2020:3863-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1178890,1178891 CVE References: CVE-2020-27745,CVE-2020-27746 JIRA References: Sources used: SUSE Linux Enterprise Module for HPC 12 (src): slurm_18_08-18.08.9-3.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3877-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1178890,1178891 CVE References: CVE-2020-27745,CVE-2020-27746 JIRA References: Sources used: SUSE Linux Enterprise High Performance Computing 15-LTSS (src): slurm_18_08-18.08.9-1.11.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): slurm_18_08-18.08.9-1.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3878-1: An update that solves two vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1153259,1155784,1178890,1178891 CVE References: CVE-2020-27745,CVE-2020-27746 JIRA References: Sources used: SUSE Linux Enterprise Module for HPC 15-SP1 (src): slurm-17.11.13-6.34.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): slurm-17.11.13-6.34.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): slurm-17.11.13-6.34.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:2286-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1178890,1178891 CVE References: CVE-2020-27745,CVE-2020-27746 JIRA References: Sources used: openSUSE Leap 15.1 (src): slurm-18.08.9-lp151.6.1
SUSE-SU-2020:3892-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1178890,1178891 CVE References: CVE-2020-27745,CVE-2020-27746 JIRA References: Sources used: SUSE Linux Enterprise Module for HPC 12 (src): slurm_20_02-20.02.6-3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0139-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1178890,1178891 CVE References: CVE-2020-27745,CVE-2020-27746 JIRA References: Sources used: SUSE Linux Enterprise Module for HPC 15-SP1 (src): slurm_20_02-20.02.6-3.16.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0096-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1178890,1178891 CVE References: CVE-2020-27745,CVE-2020-27746 JIRA References: Sources used: openSUSE Leap 15.2 (src): slurm-18.08.9-lp152.5.1
SUSE-SU-2021:0155-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1178890 CVE References: CVE-2020-27745 JIRA References: Sources used: SUSE Linux Enterprise Module for HPC 12 (src): slurm-17.02.11-6.47.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Released.
SUSE-SU-2021:0773-1: An update that fixes 11 vulnerabilities, contains one feature is now available. Category: security (important) Bug References: 1018371,1065697,1085240,1095508,1123304,1140709,1155784,1159692,1172004,1178890,1178891 CVE References: CVE-2016-10030,CVE-2017-15566,CVE-2018-10995,CVE-2018-7033,CVE-2019-12838,CVE-2019-19727,CVE-2019-19728,CVE-2019-6438,CVE-2020-12693,CVE-2020-27745,CVE-2020-27746 JIRA References: ECO-2412 Sources used: SUSE Linux Enterprise Module for HPC 12 (src): pdsh-2.34-7.32.1, pdsh_slurm_18_08-2.34-7.32.1, pdsh_slurm_20_02-2.34-7.32.1, pdsh_slurm_20_11-2.34-7.32.1, slurm_20_11-20.11.4-3.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.