{"affected":[{"ecosystem_specific":{"binaries":[{"libnss_slurm2_23_02":"23.02.7-150300.7.17.1","libpmi0_23_02":"23.02.7-150300.7.17.1","libslurm39":"23.02.7-150300.7.17.1","perl-slurm_23_02":"23.02.7-150300.7.17.1","slurm_23_02":"23.02.7-150300.7.17.1","slurm_23_02-auth-none":"23.02.7-150300.7.17.1","slurm_23_02-config":"23.02.7-150300.7.17.1","slurm_23_02-config-man":"23.02.7-150300.7.17.1","slurm_23_02-cray":"23.02.7-150300.7.17.1","slurm_23_02-devel":"23.02.7-150300.7.17.1","slurm_23_02-doc":"23.02.7-150300.7.17.1","slurm_23_02-lua":"23.02.7-150300.7.17.1","slurm_23_02-munge":"23.02.7-150300.7.17.1","slurm_23_02-node":"23.02.7-150300.7.17.1","slurm_23_02-pam_slurm":"23.02.7-150300.7.17.1","slurm_23_02-plugin-ext-sensors-rrd":"23.02.7-150300.7.17.1","slurm_23_02-plugins":"23.02.7-150300.7.17.1","slurm_23_02-rest":"23.02.7-150300.7.17.1","slurm_23_02-slurmdbd":"23.02.7-150300.7.17.1","slurm_23_02-sql":"23.02.7-150300.7.17.1","slurm_23_02-sview":"23.02.7-150300.7.17.1","slurm_23_02-torque":"23.02.7-150300.7.17.1","slurm_23_02-webdoc":"23.02.7-150300.7.17.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","name":"slurm_23_02","purl":"pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"23.02.7-150300.7.17.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libnss_slurm2_23_02":"23.02.7-150300.7.17.1","libpmi0_23_02":"23.02.7-150300.7.17.1","libslurm39":"23.02.7-150300.7.17.1","perl-slurm_23_02":"23.02.7-150300.7.17.1","slurm_23_02":"23.02.7-150300.7.17.1","slurm_23_02-auth-none":"23.02.7-150300.7.17.1","slurm_23_02-config":"23.02.7-150300.7.17.1","slurm_23_02-config-man":"23.02.7-150300.7.17.1","slurm_23_02-cray":"23.02.7-150300.7.17.1","slurm_23_02-devel":"23.02.7-150300.7.17.1","slurm_23_02-doc":"23.02.7-150300.7.17.1","slurm_23_02-lua":"23.02.7-150300.7.17.1","slurm_23_02-munge":"23.02.7-150300.7.17.1","slurm_23_02-node":"23.02.7-150300.7.17.1","slurm_23_02-pam_slurm":"23.02.7-150300.7.17.1","slurm_23_02-plugin-ext-sensors-rrd":"23.02.7-150300.7.17.1","slurm_23_02-plugins":"23.02.7-150300.7.17.1","slurm_23_02-rest":"23.02.7-150300.7.17.1","slurm_23_02-slurmdbd":"23.02.7-150300.7.17.1","slurm_23_02-sql":"23.02.7-150300.7.17.1","slurm_23_02-sview":"23.02.7-150300.7.17.1","slurm_23_02-torque":"23.02.7-150300.7.17.1","slurm_23_02-webdoc":"23.02.7-150300.7.17.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"slurm_23_02","purl":"pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"23.02.7-150300.7.17.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libnss_slurm2_23_02":"23.02.7-150300.7.17.1","libpmi0_23_02":"23.02.7-150300.7.17.1","libslurm39":"23.02.7-150300.7.17.1","perl-slurm_23_02":"23.02.7-150300.7.17.1","slurm_23_02":"23.02.7-150300.7.17.1","slurm_23_02-auth-none":"23.02.7-150300.7.17.1","slurm_23_02-config":"23.02.7-150300.7.17.1","slurm_23_02-config-man":"23.02.7-150300.7.17.1","slurm_23_02-cray":"23.02.7-150300.7.17.1","slurm_23_02-devel":"23.02.7-150300.7.17.1","slurm_23_02-doc":"23.02.7-150300.7.17.1","slurm_23_02-lua":"23.02.7-150300.7.17.1","slurm_23_02-munge":"23.02.7-150300.7.17.1","slurm_23_02-node":"23.02.7-150300.7.17.1","slurm_23_02-pam_slurm":"23.02.7-150300.7.17.1","slurm_23_02-plugin-ext-sensors-rrd":"23.02.7-150300.7.17.1","slurm_23_02-plugins":"23.02.7-150300.7.17.1","slurm_23_02-rest":"23.02.7-150300.7.17.1","slurm_23_02-slurmdbd":"23.02.7-150300.7.17.1","slurm_23_02-sql":"23.02.7-150300.7.17.1","slurm_23_02-sview":"23.02.7-150300.7.17.1","slurm_23_02-torque":"23.02.7-150300.7.17.1","slurm_23_02-webdoc":"23.02.7-150300.7.17.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"slurm_23_02","purl":"pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"23.02.7-150300.7.17.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for slurm_23_02 fixes the following issues:\n\nUpdate to slurm 23.02.6:\n\nSecurity fixes:\n\n- CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)\n- CVE-2023-49935: Prevent message hash bypass in slurmd which can allow an attacker to reuse root-level MUNGE tokens and escalate permissions. (bsc#1218049)\n- CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050)\n- CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051)\n- CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053)\n\nOther fixes:\n\n- Add missing service file for slurmrestd (bsc#1217711).\n- Fix slurm upgrading to incompatible versions (bsc#1216869).\n","id":"SUSE-SU-2024:0280-1","modified":"2024-01-31T07:33:39Z","published":"2024-01-31T07:33:39Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240280-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216869"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217711"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218046"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218049"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218050"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218051"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218053"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49933"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49935"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49936"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49937"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49938"}],"related":["CVE-2023-49933","CVE-2023-49935","CVE-2023-49936","CVE-2023-49937","CVE-2023-49938"],"summary":"Security update for slurm_23_02","upstream":["CVE-2023-49933","CVE-2023-49935","CVE-2023-49936","CVE-2023-49937","CVE-2023-49938"]}