Security update for pdsh, slurm_20_02
Announcement ID: | SUSE-SU-2020:2607-1 |
---|---|
Rating: | moderate |
References: |
|
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves nine vulnerabilities, contains four features and has 22 security fixes can now be installed.
Description:
This update for pdsh, slurm_20_02 fixes the following issues:
Changes in slurm_20_02:
- Add support for openPMIx also for Leap/SLE 15.0/1 (bsc#1173805).
- Do not run %check on SLE-12-SP2: Some incompatibility in tcl makes this fail.
- Remove unneeded build dependency to postgresql-devel.
-
Disable build on s390 (requires 64bit).
-
Bring QA to the package build: add %%check stage.
- Remove cruft that isn't needed any longer.
- Add 'ghosted' run-file.
-
Add rpmlint filter to handle issues with library packages for Leap and enterprise upgrade versions.
-
Updated to 20.02.3 which fixes CVE-2020-12693 (bsc#1172004).
- Other changes are:
- Factor in ntasks-per-core=1 with cons_tres.
- Fix formatting in error message in cons_tres.
- Fix calling stat on a NULL variable.
- Fix minor memory leak when using reservations with flags=first_cores.
- Fix gpu bind issue when CPUs=Cores and ThreadsPerCore > 1 on a node.
- Fix --mem-per-gpu for heterogenous --gres requests.
- Fix slurmctld load order in load_all_part_state().
- Fix race condition not finding jobacct gather task cgroup entry.
- Suppress error message when selecting nodes on disjoint topologies.
- Improve performance of _pack_default_job_details() with large number of job
- arguments.
- Fix archive loading previous to 17.11 jobs per-node req_mem.
- Fix regresion validating that --gpus-per-socket requires --sockets-per-node
- for steps. Should only validate allocation requests.
- error() instead of fatal() when parsing an invalid hostlist.
- nss_slurm - fix potential deadlock in slurmstepd on overloaded systems.
- cons_tres - fix --gres-flags=enforce-binding and related --cpus-per-gres.
- cons_tres - Allocate lowest numbered cores when filtering cores with gres.
- Fix getting system counts for named GRES/TRES.
- MySQL - Fix for handing typed GRES for association rollups.
- Fix step allocations when tasks_per_core > 1.
-
Fix allocating more GRES than requested when asking for multiple GRES types.
-
Treat libnss_slurm like any other package: add version string to upgrade package.
-
Updated to 20.02.1 with following changes"
- Improve job state reason for jobs hitting partition_job_depth.
- Speed up testing of singleton dependencies.
- Fix negative loop bound in cons_tres.
- srun - capture the MPI plugin return code from mpi_hook_client_fini() and use as final return code for step failure.
- Fix segfault in cli_filter/lua.
- Fix --gpu-bind=map_gpu reusability if tasks > elements.
- Make sure config_flags on a gres are sent to the slurmctld on node registration.
- Prolog/Epilog - Fix missing GPU information.
- Fix segfault when using config parser for expanded lines.
- Fix bit overlap test function.
- Don't accrue time if job begin time is in the future.
- Remove accrue time when updating a job start/eligible time to the future.
- Fix regression in 20.02.0 that broke --depend=expand.
- Reset begin time on job release if it's not in the future.
- Fix for recovering burst buffers when using high-availability.
- Fix invalid read due to freeing an incorrectly allocated env array.
- Update slurmctld -i message to warn about losing data.
- Fix scontrol cancel_reboot so it clears the DRAIN flag and node reason for a pending ASAP reboot.
Changes in pdsh: - Bring QA to the package build: add %%check stage
- Since the build for the SLE-12 HPC Module got fixed, simplify spec file and remove legacy workarounds.
- Remove _multibuild file where not needed.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
HPC Module 12
zypper in -t patch SUSE-SLE-Module-HPC-12-2020-2607=1
Package List:
-
HPC Module 12 (aarch64 x86_64)
- libnss_slurm2_20_02-20.02.3-3.5.1
- libpmi0_20_02-20.02.3-3.5.1
- slurm_20_02-plugins-debuginfo-20.02.3-3.5.1
- perl-slurm_20_02-debuginfo-20.02.3-3.5.1
- slurm_20_02-sview-debuginfo-20.02.3-3.5.1
- slurm_20_02-pam_slurm-debuginfo-20.02.3-3.5.1
- slurm_20_02-torque-20.02.3-3.5.1
- slurm_20_02-pam_slurm-20.02.3-3.5.1
- slurm_20_02-config-20.02.3-3.5.1
- slurm_20_02-plugins-20.02.3-3.5.1
- libpmi0_20_02-debuginfo-20.02.3-3.5.1
- slurm_20_02-auth-none-debuginfo-20.02.3-3.5.1
- slurm_20_02-debugsource-20.02.3-3.5.1
- slurm_20_02-node-20.02.3-3.5.1
- slurm_20_02-munge-debuginfo-20.02.3-3.5.1
- perl-slurm_20_02-20.02.3-3.5.1
- slurm_20_02-lua-debuginfo-20.02.3-3.5.1
- slurm_20_02-auth-none-20.02.3-3.5.1
- pdsh-slurm_18_08-2.34-7.26.2
- libslurm35-debuginfo-20.02.3-3.5.1
- slurm_20_02-sql-debuginfo-20.02.3-3.5.1
- slurm_20_02-sview-20.02.3-3.5.1
- slurm_20_02-devel-20.02.3-3.5.1
- slurm_20_02-sql-20.02.3-3.5.1
- slurm_20_02-node-debuginfo-20.02.3-3.5.1
- slurm_20_02-munge-20.02.3-3.5.1
- slurm_20_02-config-man-20.02.3-3.5.1
- slurm_20_02-lua-20.02.3-3.5.1
- slurm_20_02-20.02.3-3.5.1
- slurm_20_02-debuginfo-20.02.3-3.5.1
- pdsh-slurm_20_02-debuginfo-2.34-7.26.2
- libslurm35-20.02.3-3.5.1
- slurm_20_02-torque-debuginfo-20.02.3-3.5.1
- slurm_20_02-slurmdbd-20.02.3-3.5.1
- slurm_20_02-doc-20.02.3-3.5.1
- libnss_slurm2_20_02-debuginfo-20.02.3-3.5.1
- slurm_20_02-slurmdbd-debuginfo-20.02.3-3.5.1
- pdsh-slurm_20_02-2.34-7.26.2
- pdsh-slurm_18_08-debuginfo-2.34-7.26.2
References:
- https://www.suse.com/security/cve/CVE-2016-10030.html
- https://www.suse.com/security/cve/CVE-2017-15566.html
- https://www.suse.com/security/cve/CVE-2018-10995.html
- https://www.suse.com/security/cve/CVE-2018-7033.html
- https://www.suse.com/security/cve/CVE-2019-12838.html
- https://www.suse.com/security/cve/CVE-2019-19727.html
- https://www.suse.com/security/cve/CVE-2019-19728.html
- https://www.suse.com/security/cve/CVE-2019-6438.html
- https://www.suse.com/security/cve/CVE-2020-12693.html
- https://bugzilla.suse.com/show_bug.cgi?id=1007053
- https://bugzilla.suse.com/show_bug.cgi?id=1018371
- https://bugzilla.suse.com/show_bug.cgi?id=1031872
- https://bugzilla.suse.com/show_bug.cgi?id=1041706
- https://bugzilla.suse.com/show_bug.cgi?id=1065697
- https://bugzilla.suse.com/show_bug.cgi?id=1084125
- https://bugzilla.suse.com/show_bug.cgi?id=1084917
- https://bugzilla.suse.com/show_bug.cgi?id=1085240
- https://bugzilla.suse.com/show_bug.cgi?id=1085606
- https://bugzilla.suse.com/show_bug.cgi?id=1086859
- https://bugzilla.suse.com/show_bug.cgi?id=1088693
- https://bugzilla.suse.com/show_bug.cgi?id=1090292
- https://bugzilla.suse.com/show_bug.cgi?id=1095508
- https://bugzilla.suse.com/show_bug.cgi?id=1100850
- https://bugzilla.suse.com/show_bug.cgi?id=1103561
- https://bugzilla.suse.com/show_bug.cgi?id=1108671
- https://bugzilla.suse.com/show_bug.cgi?id=1109373
- https://bugzilla.suse.com/show_bug.cgi?id=1116758
- https://bugzilla.suse.com/show_bug.cgi?id=1123304
- https://bugzilla.suse.com/show_bug.cgi?id=1140709
- https://bugzilla.suse.com/show_bug.cgi?id=1153095
- https://bugzilla.suse.com/show_bug.cgi?id=1153259
- https://bugzilla.suse.com/show_bug.cgi?id=1155784
- https://bugzilla.suse.com/show_bug.cgi?id=1158696
- https://bugzilla.suse.com/show_bug.cgi?id=1159692
- https://bugzilla.suse.com/show_bug.cgi?id=1161716
- https://bugzilla.suse.com/show_bug.cgi?id=1162377
- https://bugzilla.suse.com/show_bug.cgi?id=1164326
- https://bugzilla.suse.com/show_bug.cgi?id=1164386
- https://bugzilla.suse.com/show_bug.cgi?id=1172004
- https://bugzilla.suse.com/show_bug.cgi?id=1173805
- https://jira.suse.com/browse/SLE-10800
- https://jira.suse.com/browse/SLE-7341
- https://jira.suse.com/browse/SLE-7342
- https://jira.suse.com/browse/SLE-8491