{"affected":[{"ecosystem_specific":{"binaries":[{"libnss_slurm2":"20.02.7-150200.3.20.1","libpmi0":"20.02.7-150200.3.20.1","libslurm35":"20.02.7-150200.3.20.1","perl-slurm":"20.02.7-150200.3.20.1","slurm":"20.02.7-150200.3.20.1","slurm-auth-none":"20.02.7-150200.3.20.1","slurm-config":"20.02.7-150200.3.20.1","slurm-config-man":"20.02.7-150200.3.20.1","slurm-devel":"20.02.7-150200.3.20.1","slurm-doc":"20.02.7-150200.3.20.1","slurm-lua":"20.02.7-150200.3.20.1","slurm-munge":"20.02.7-150200.3.20.1","slurm-node":"20.02.7-150200.3.20.1","slurm-pam_slurm":"20.02.7-150200.3.20.1","slurm-plugins":"20.02.7-150200.3.20.1","slurm-slurmdbd":"20.02.7-150200.3.20.1","slurm-sql":"20.02.7-150200.3.20.1","slurm-sview":"20.02.7-150200.3.20.1","slurm-torque":"20.02.7-150200.3.20.1","slurm-webdoc":"20.02.7-150200.3.20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS","name":"slurm","purl":"pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20.02.7-150200.3.20.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for slurm fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)\n- CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050)\n- CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051)\n- CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053)\n\nOther fixes:\n\n- Fix slurm upgrading to incompatible versions (bsc#1216869).\n","id":"SUSE-SU-2024:0287-1","modified":"2024-01-31T11:03:38Z","published":"2024-01-31T11:03:38Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240287-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216869"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218046"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218050"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218051"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218053"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49933"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49936"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49937"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49938"}],"related":["CVE-2023-49933","CVE-2023-49936","CVE-2023-49937","CVE-2023-49938"],"summary":"Security update for slurm","upstream":["CVE-2023-49933","CVE-2023-49936","CVE-2023-49937","CVE-2023-49938"]}