SUSE 5185 Published by

The following updates are available for openSUSE and SUSE Linux Enterprise:

SUSE-SU-2024:0323-1: critical: Security update for python-uamqp
SUSE-SU-2024:0325-1: important: Security update for java-17-openjdk
SUSE-SU-2024:0305-1: moderate: Security update for cpio
SUSE-SU-2024:0283-1: important: Security update for slurm_22_05
SUSE-SU-2024:0284-1: important: Security update for slurm
SUSE-SU-2024:0288-1: important: Security update for slurm_20_11




SUSE-SU-2024:0323-1: critical: Security update for python-uamqp


# Security update for python-uamqp

Announcement ID: SUSE-SU-2024:0323-1
Rating: critical
References:

* bsc#1219409

Cross-References:

* CVE-2024-21646

CVSS scores:

* CVE-2024-21646 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-21646 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* Public Cloud Module 15-SP2
* Public Cloud Module 15-SP3
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.1
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.1
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-uamqp fixes the following issues:

* CVE-2024-21646: Fix integer overflow which may cause remote code execution
(bsc#1219409).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-323=1

* Public Cloud Module 15-SP2
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2024-323=1

* Public Cloud Module 15-SP3
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2024-323=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-323=1

* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-323=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python3-uamqp-debuginfo-1.5.3-150100.4.10.1
* python3-uamqp-1.5.3-150100.4.10.1
* python-uamqp-debugsource-1.5.3-150100.4.10.1
* Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64)
* python3-uamqp-debuginfo-1.5.3-150100.4.10.1
* python3-uamqp-1.5.3-150100.4.10.1
* python-uamqp-debugsource-1.5.3-150100.4.10.1
* Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64)
* python3-uamqp-debuginfo-1.5.3-150100.4.10.1
* python3-uamqp-1.5.3-150100.4.10.1
* python-uamqp-debugsource-1.5.3-150100.4.10.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python3-uamqp-debuginfo-1.5.3-150100.4.10.1
* python3-uamqp-1.5.3-150100.4.10.1
* python-uamqp-debugsource-1.5.3-150100.4.10.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python3-uamqp-debuginfo-1.5.3-150100.4.10.1
* python3-uamqp-1.5.3-150100.4.10.1
* python-uamqp-debugsource-1.5.3-150100.4.10.1

## References:

* https://www.suse.com/security/cve/CVE-2024-21646.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219409



SUSE-SU-2024:0325-1: important: Security update for java-17-openjdk


# Security update for java-17-openjdk

Announcement ID: SUSE-SU-2024:0325-1
Rating: important
References:

* bsc#1218903
* bsc#1218905
* bsc#1218907
* bsc#1218908
* bsc#1218909
* bsc#1218911

Cross-References:

* CVE-2024-20918
* CVE-2024-20919
* CVE-2024-20921
* CVE-2024-20932
* CVE-2024-20945
* CVE-2024-20952

CVSS scores:

* CVE-2024-20918 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-20919 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-20921 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-20932 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-20945 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-20952 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves six vulnerabilities can now be installed.

## Description:

This update for java-17-openjdk fixes the following issues:

Updated to version 17.0.10 (January 2024 CPU):

* CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a
missing bounds check (bsc#1218907).
* CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file
verifier (bsc#1218903).
* CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM that
could lead to corruption of JVM memory (bsc#1218905).
* CVE-2024-20932: Fixed an incorrect handling of ZIP files with duplicate
entries (bsc#1218908).
* CVE-2024-20945: Fixed a potential private key leak through debug logs
(bsc#1218909).
* CVE-2024-20952: Fixed an RSA padding issue and timing side-channel attack
against TLS (bsc#1218911).

Find the full release notes at:

https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029089.html

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-325=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-325=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-325=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-325=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-325=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-325=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-325=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-325=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-325=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-325=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-325=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* java-17-openjdk-jmods-17.0.10.0-150400.3.36.1
* java-17-openjdk-demo-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-17.0.10.0-150400.3.36.1
* java-17-openjdk-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-debugsource-17.0.10.0-150400.3.36.1
* java-17-openjdk-src-17.0.10.0-150400.3.36.1
* java-17-openjdk-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-debuginfo-17.0.10.0-150400.3.36.1
* openSUSE Leap 15.4 (noarch)
* java-17-openjdk-javadoc-17.0.10.0-150400.3.36.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-jmods-17.0.10.0-150400.3.36.1
* java-17-openjdk-demo-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-17.0.10.0-150400.3.36.1
* java-17-openjdk-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-debugsource-17.0.10.0-150400.3.36.1
* java-17-openjdk-src-17.0.10.0-150400.3.36.1
* java-17-openjdk-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-debuginfo-17.0.10.0-150400.3.36.1
* openSUSE Leap 15.5 (noarch)
* java-17-openjdk-javadoc-17.0.10.0-150400.3.36.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-demo-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-17.0.10.0-150400.3.36.1
* java-17-openjdk-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-debugsource-17.0.10.0-150400.3.36.1
* java-17-openjdk-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-debuginfo-17.0.10.0-150400.3.36.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-17-openjdk-demo-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-17.0.10.0-150400.3.36.1
* java-17-openjdk-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-debugsource-17.0.10.0-150400.3.36.1
* java-17-openjdk-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-debuginfo-17.0.10.0-150400.3.36.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-17-openjdk-demo-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-17.0.10.0-150400.3.36.1
* java-17-openjdk-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-debugsource-17.0.10.0-150400.3.36.1
* java-17-openjdk-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-debuginfo-17.0.10.0-150400.3.36.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* java-17-openjdk-demo-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-17.0.10.0-150400.3.36.1
* java-17-openjdk-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-debugsource-17.0.10.0-150400.3.36.1
* java-17-openjdk-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-debuginfo-17.0.10.0-150400.3.36.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* java-17-openjdk-demo-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-17.0.10.0-150400.3.36.1
* java-17-openjdk-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-debugsource-17.0.10.0-150400.3.36.1
* java-17-openjdk-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-debuginfo-17.0.10.0-150400.3.36.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-17-openjdk-demo-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-17.0.10.0-150400.3.36.1
* java-17-openjdk-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-debugsource-17.0.10.0-150400.3.36.1
* java-17-openjdk-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-debuginfo-17.0.10.0-150400.3.36.1
* SUSE Manager Proxy 4.3 (x86_64)
* java-17-openjdk-demo-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-17.0.10.0-150400.3.36.1
* java-17-openjdk-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-debugsource-17.0.10.0-150400.3.36.1
* java-17-openjdk-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-debuginfo-17.0.10.0-150400.3.36.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* java-17-openjdk-demo-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-17.0.10.0-150400.3.36.1
* java-17-openjdk-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-debugsource-17.0.10.0-150400.3.36.1
* java-17-openjdk-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-debuginfo-17.0.10.0-150400.3.36.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* java-17-openjdk-demo-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-17.0.10.0-150400.3.36.1
* java-17-openjdk-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-debugsource-17.0.10.0-150400.3.36.1
* java-17-openjdk-debuginfo-17.0.10.0-150400.3.36.1
* java-17-openjdk-headless-17.0.10.0-150400.3.36.1
* java-17-openjdk-devel-debuginfo-17.0.10.0-150400.3.36.1

## References:

* https://www.suse.com/security/cve/CVE-2024-20918.html
* https://www.suse.com/security/cve/CVE-2024-20919.html
* https://www.suse.com/security/cve/CVE-2024-20921.html
* https://www.suse.com/security/cve/CVE-2024-20932.html
* https://www.suse.com/security/cve/CVE-2024-20945.html
* https://www.suse.com/security/cve/CVE-2024-20952.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218903
* https://bugzilla.suse.com/show_bug.cgi?id=1218905
* https://bugzilla.suse.com/show_bug.cgi?id=1218907
* https://bugzilla.suse.com/show_bug.cgi?id=1218908
* https://bugzilla.suse.com/show_bug.cgi?id=1218909
* https://bugzilla.suse.com/show_bug.cgi?id=1218911



SUSE-SU-2024:0305-1: moderate: Security update for cpio


# Security update for cpio

Announcement ID: SUSE-SU-2024:0305-1
Rating: moderate
References:

* bsc#1218571
* bsc#1219238

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that has two security fixes can now be installed.

## Description:

This update for cpio fixes the following issues:

* Fixed cpio not extracting correctly when using --no-absolute-filenames
option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-305=1

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-305=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-305=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-305=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-305=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-305=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-305=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-305=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-305=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-305=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* cpio-debuginfo-2.13-150400.3.6.1
* cpio-mt-2.13-150400.3.6.1
* cpio-debugsource-2.13-150400.3.6.1
* cpio-mt-debuginfo-2.13-150400.3.6.1
* cpio-2.13-150400.3.6.1
* openSUSE Leap 15.4 (noarch)
* cpio-lang-2.13-150400.3.6.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* cpio-debuginfo-2.13-150400.3.6.1
* cpio-debugsource-2.13-150400.3.6.1
* cpio-2.13-150400.3.6.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* cpio-debuginfo-2.13-150400.3.6.1
* cpio-debugsource-2.13-150400.3.6.1
* cpio-2.13-150400.3.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* cpio-debuginfo-2.13-150400.3.6.1
* cpio-mt-2.13-150400.3.6.1
* cpio-debugsource-2.13-150400.3.6.1
* cpio-mt-debuginfo-2.13-150400.3.6.1
* cpio-2.13-150400.3.6.1
* openSUSE Leap 15.5 (noarch)
* cpio-lang-2.13-150400.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* cpio-debuginfo-2.13-150400.3.6.1
* cpio-debugsource-2.13-150400.3.6.1
* cpio-2.13-150400.3.6.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* cpio-debuginfo-2.13-150400.3.6.1
* cpio-debugsource-2.13-150400.3.6.1
* cpio-2.13-150400.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* cpio-debuginfo-2.13-150400.3.6.1
* cpio-debugsource-2.13-150400.3.6.1
* cpio-2.13-150400.3.6.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* cpio-debuginfo-2.13-150400.3.6.1
* cpio-debugsource-2.13-150400.3.6.1
* cpio-2.13-150400.3.6.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* cpio-debuginfo-2.13-150400.3.6.1
* cpio-debugsource-2.13-150400.3.6.1
* cpio-2.13-150400.3.6.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* cpio-debuginfo-2.13-150400.3.6.1
* cpio-mt-2.13-150400.3.6.1
* cpio-debugsource-2.13-150400.3.6.1
* cpio-mt-debuginfo-2.13-150400.3.6.1
* cpio-2.13-150400.3.6.1
* Basesystem Module 15-SP5 (noarch)
* cpio-lang-2.13-150400.3.6.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1218571
* https://bugzilla.suse.com/show_bug.cgi?id=1219238



SUSE-SU-2024:0283-1: important: Security update for slurm_22_05


# Security update for slurm_22_05

Announcement ID: SUSE-SU-2024:0283-1
Rating: important
References:

* bsc#1216869
* bsc#1217711
* bsc#1218046
* bsc#1218050
* bsc#1218051
* bsc#1218053

Cross-References:

* CVE-2023-49933
* CVE-2023-49936
* CVE-2023-49937
* CVE-2023-49938

CVSS scores:

* CVE-2023-49933 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-49933 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-49936 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-49936 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-49937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-49937 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-49938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-49938 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4

An update that solves four vulnerabilities and has two security fixes can now be
installed.

## Description:

This update for slurm_22_05 fixes the following issues:

Update to slurm 22.05.11:

Security fixes:

* CVE-2023-49933: Prevent message extension attacks that could bypass the
message hash. (bsc#1218046)
* CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow.
(bsc#1218050)
* CVE-2023-49937: Prevent double-xfree() on error in
`_unpack_node_reg_resp()`. (bsc#1218051)
* CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the
wrong group permissions. (bsc#1218053)

Other fixes:

* Add missing service file for slurmrestd (bsc#1217711).
* Fix slurm upgrading to incompatible versions (bsc#1216869).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-283=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-283=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-283=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-283=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-283=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* slurm_22_05-pam_slurm-22.05.11-150300.7.9.1
* slurm_22_05-pam_slurm-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-slurmdbd-22.05.11-150300.7.9.1
* slurm_22_05-torque-22.05.11-150300.7.9.1
* slurm_22_05-devel-22.05.11-150300.7.9.1
* slurm_22_05-slurmdbd-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-munge-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-torque-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-debugsource-22.05.11-150300.7.9.1
* slurm_22_05-rest-22.05.11-150300.7.9.1
* slurm_22_05-hdf5-22.05.11-150300.7.9.1
* slurm_22_05-sjstat-22.05.11-150300.7.9.1
* perl-slurm_22_05-22.05.11-150300.7.9.1
* libpmi0_22_05-22.05.11-150300.7.9.1
* perl-slurm_22_05-debuginfo-22.05.11-150300.7.9.1
* libnss_slurm2_22_05-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sql-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-cray-22.05.11-150300.7.9.1
* slurm_22_05-lua-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sql-22.05.11-150300.7.9.1
* slurm_22_05-seff-22.05.11-150300.7.9.1
* slurm_22_05-lua-22.05.11-150300.7.9.1
* slurm_22_05-cray-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-22.05.11-150300.7.9.1
* slurm_22_05-auth-none-22.05.11-150300.7.9.1
* slurm_22_05-plugins-debuginfo-22.05.11-150300.7.9.1
* libslurm38-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-rest-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sview-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-auth-none-debuginfo-22.05.11-150300.7.9.1
* libslurm38-22.05.11-150300.7.9.1
* slurm_22_05-munge-22.05.11-150300.7.9.1
* slurm_22_05-sview-22.05.11-150300.7.9.1
* slurm_22_05-plugins-22.05.11-150300.7.9.1
* slurm_22_05-openlava-22.05.11-150300.7.9.1
* libnss_slurm2_22_05-22.05.11-150300.7.9.1
* slurm_22_05-hdf5-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-node-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-node-22.05.11-150300.7.9.1
* slurm_22_05-testsuite-22.05.11-150300.7.9.1
* libpmi0_22_05-debuginfo-22.05.11-150300.7.9.1
* openSUSE Leap 15.3 (noarch)
* slurm_22_05-config-man-22.05.11-150300.7.9.1
* slurm_22_05-config-22.05.11-150300.7.9.1
* slurm_22_05-webdoc-22.05.11-150300.7.9.1
* slurm_22_05-doc-22.05.11-150300.7.9.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* slurm_22_05-pam_slurm-22.05.11-150300.7.9.1
* slurm_22_05-pam_slurm-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-slurmdbd-22.05.11-150300.7.9.1
* slurm_22_05-torque-22.05.11-150300.7.9.1
* slurm_22_05-devel-22.05.11-150300.7.9.1
* slurm_22_05-slurmdbd-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-munge-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-torque-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-debugsource-22.05.11-150300.7.9.1
* slurm_22_05-rest-22.05.11-150300.7.9.1
* slurm_22_05-hdf5-22.05.11-150300.7.9.1
* slurm_22_05-sjstat-22.05.11-150300.7.9.1
* perl-slurm_22_05-22.05.11-150300.7.9.1
* libpmi0_22_05-22.05.11-150300.7.9.1
* perl-slurm_22_05-debuginfo-22.05.11-150300.7.9.1
* libnss_slurm2_22_05-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sql-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-cray-22.05.11-150300.7.9.1
* slurm_22_05-lua-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sql-22.05.11-150300.7.9.1
* slurm_22_05-seff-22.05.11-150300.7.9.1
* slurm_22_05-lua-22.05.11-150300.7.9.1
* slurm_22_05-cray-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-22.05.11-150300.7.9.1
* slurm_22_05-auth-none-22.05.11-150300.7.9.1
* slurm_22_05-plugins-debuginfo-22.05.11-150300.7.9.1
* libslurm38-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-rest-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sview-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-auth-none-debuginfo-22.05.11-150300.7.9.1
* libslurm38-22.05.11-150300.7.9.1
* slurm_22_05-munge-22.05.11-150300.7.9.1
* slurm_22_05-sview-22.05.11-150300.7.9.1
* slurm_22_05-plugins-22.05.11-150300.7.9.1
* slurm_22_05-openlava-22.05.11-150300.7.9.1
* libnss_slurm2_22_05-22.05.11-150300.7.9.1
* slurm_22_05-hdf5-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-node-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-node-22.05.11-150300.7.9.1
* slurm_22_05-testsuite-22.05.11-150300.7.9.1
* libpmi0_22_05-debuginfo-22.05.11-150300.7.9.1
* openSUSE Leap 15.5 (noarch)
* slurm_22_05-config-man-22.05.11-150300.7.9.1
* slurm_22_05-config-22.05.11-150300.7.9.1
* slurm_22_05-webdoc-22.05.11-150300.7.9.1
* slurm_22_05-doc-22.05.11-150300.7.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* slurm_22_05-pam_slurm-22.05.11-150300.7.9.1
* slurm_22_05-pam_slurm-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-slurmdbd-22.05.11-150300.7.9.1
* slurm_22_05-torque-22.05.11-150300.7.9.1
* slurm_22_05-devel-22.05.11-150300.7.9.1
* slurm_22_05-slurmdbd-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-munge-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-torque-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-debugsource-22.05.11-150300.7.9.1
* slurm_22_05-rest-22.05.11-150300.7.9.1
* perl-slurm_22_05-22.05.11-150300.7.9.1
* libpmi0_22_05-22.05.11-150300.7.9.1
* perl-slurm_22_05-debuginfo-22.05.11-150300.7.9.1
* libnss_slurm2_22_05-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sql-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-lua-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sql-22.05.11-150300.7.9.1
* slurm_22_05-lua-22.05.11-150300.7.9.1
* slurm_22_05-22.05.11-150300.7.9.1
* slurm_22_05-auth-none-22.05.11-150300.7.9.1
* slurm_22_05-plugins-debuginfo-22.05.11-150300.7.9.1
* libslurm38-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-rest-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sview-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-auth-none-debuginfo-22.05.11-150300.7.9.1
* libslurm38-22.05.11-150300.7.9.1
* slurm_22_05-munge-22.05.11-150300.7.9.1
* slurm_22_05-sview-22.05.11-150300.7.9.1
* slurm_22_05-plugins-22.05.11-150300.7.9.1
* libnss_slurm2_22_05-22.05.11-150300.7.9.1
* slurm_22_05-node-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-node-22.05.11-150300.7.9.1
* libpmi0_22_05-debuginfo-22.05.11-150300.7.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* slurm_22_05-config-man-22.05.11-150300.7.9.1
* slurm_22_05-config-22.05.11-150300.7.9.1
* slurm_22_05-webdoc-22.05.11-150300.7.9.1
* slurm_22_05-doc-22.05.11-150300.7.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* slurm_22_05-pam_slurm-22.05.11-150300.7.9.1
* slurm_22_05-pam_slurm-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-slurmdbd-22.05.11-150300.7.9.1
* slurm_22_05-torque-22.05.11-150300.7.9.1
* slurm_22_05-devel-22.05.11-150300.7.9.1
* slurm_22_05-slurmdbd-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-munge-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-torque-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-debugsource-22.05.11-150300.7.9.1
* slurm_22_05-rest-22.05.11-150300.7.9.1
* perl-slurm_22_05-22.05.11-150300.7.9.1
* libpmi0_22_05-22.05.11-150300.7.9.1
* perl-slurm_22_05-debuginfo-22.05.11-150300.7.9.1
* libnss_slurm2_22_05-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sql-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-cray-22.05.11-150300.7.9.1
* slurm_22_05-lua-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sql-22.05.11-150300.7.9.1
* slurm_22_05-lua-22.05.11-150300.7.9.1
* slurm_22_05-cray-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-22.05.11-150300.7.9.1
* slurm_22_05-auth-none-22.05.11-150300.7.9.1
* slurm_22_05-plugins-debuginfo-22.05.11-150300.7.9.1
* libslurm38-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-rest-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sview-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-auth-none-debuginfo-22.05.11-150300.7.9.1
* libslurm38-22.05.11-150300.7.9.1
* slurm_22_05-munge-22.05.11-150300.7.9.1
* slurm_22_05-sview-22.05.11-150300.7.9.1
* slurm_22_05-plugins-22.05.11-150300.7.9.1
* libnss_slurm2_22_05-22.05.11-150300.7.9.1
* slurm_22_05-node-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-node-22.05.11-150300.7.9.1
* libpmi0_22_05-debuginfo-22.05.11-150300.7.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* slurm_22_05-config-man-22.05.11-150300.7.9.1
* slurm_22_05-config-22.05.11-150300.7.9.1
* slurm_22_05-webdoc-22.05.11-150300.7.9.1
* slurm_22_05-doc-22.05.11-150300.7.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* slurm_22_05-pam_slurm-22.05.11-150300.7.9.1
* slurm_22_05-pam_slurm-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-slurmdbd-22.05.11-150300.7.9.1
* slurm_22_05-torque-22.05.11-150300.7.9.1
* slurm_22_05-devel-22.05.11-150300.7.9.1
* slurm_22_05-slurmdbd-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-munge-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-torque-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-debugsource-22.05.11-150300.7.9.1
* slurm_22_05-rest-22.05.11-150300.7.9.1
* perl-slurm_22_05-22.05.11-150300.7.9.1
* libpmi0_22_05-22.05.11-150300.7.9.1
* perl-slurm_22_05-debuginfo-22.05.11-150300.7.9.1
* libnss_slurm2_22_05-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sql-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-cray-22.05.11-150300.7.9.1
* slurm_22_05-lua-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sql-22.05.11-150300.7.9.1
* slurm_22_05-lua-22.05.11-150300.7.9.1
* slurm_22_05-cray-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-22.05.11-150300.7.9.1
* slurm_22_05-auth-none-22.05.11-150300.7.9.1
* slurm_22_05-plugins-debuginfo-22.05.11-150300.7.9.1
* libslurm38-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-rest-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-sview-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-auth-none-debuginfo-22.05.11-150300.7.9.1
* libslurm38-22.05.11-150300.7.9.1
* slurm_22_05-munge-22.05.11-150300.7.9.1
* slurm_22_05-sview-22.05.11-150300.7.9.1
* slurm_22_05-plugins-22.05.11-150300.7.9.1
* libnss_slurm2_22_05-22.05.11-150300.7.9.1
* slurm_22_05-node-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-debuginfo-22.05.11-150300.7.9.1
* slurm_22_05-node-22.05.11-150300.7.9.1
* libpmi0_22_05-debuginfo-22.05.11-150300.7.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* slurm_22_05-config-man-22.05.11-150300.7.9.1
* slurm_22_05-config-22.05.11-150300.7.9.1
* slurm_22_05-webdoc-22.05.11-150300.7.9.1
* slurm_22_05-doc-22.05.11-150300.7.9.1

## References:

* https://www.suse.com/security/cve/CVE-2023-49933.html
* https://www.suse.com/security/cve/CVE-2023-49936.html
* https://www.suse.com/security/cve/CVE-2023-49937.html
* https://www.suse.com/security/cve/CVE-2023-49938.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216869
* https://bugzilla.suse.com/show_bug.cgi?id=1217711
* https://bugzilla.suse.com/show_bug.cgi?id=1218046
* https://bugzilla.suse.com/show_bug.cgi?id=1218050
* https://bugzilla.suse.com/show_bug.cgi?id=1218051
* https://bugzilla.suse.com/show_bug.cgi?id=1218053



SUSE-SU-2024:0284-1: important: Security update for slurm


# Security update for slurm

Announcement ID: SUSE-SU-2024:0284-1
Rating: important
References:

* bsc#1216869
* bsc#1217711
* bsc#1218046
* bsc#1218049
* bsc#1218050
* bsc#1218051
* bsc#1218053

Cross-References:

* CVE-2023-49933
* CVE-2023-49935
* CVE-2023-49936
* CVE-2023-49937
* CVE-2023-49938

CVSS scores:

* CVE-2023-49933 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-49933 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-49935 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-49935 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-49936 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-49936 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-49937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-49937 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-49938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-49938 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

* HPC Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves five vulnerabilities and has two security fixes can now be
installed.

## Description:

This update for slurm fixes the following issues:

Update to slurm 23.02.6:

Security fixes:

* CVE-2023-49933: Prevent message extension attacks that could bypass the
message hash. (bsc#1218046)
* CVE-2023-49935: Prevent message hash bypass in slurmd which can allow an
attacker to reuse root-level MUNGE tokens and escalate permissions.
(bsc#1218049)
* CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow.
(bsc#1218050)
* CVE-2023-49937: Prevent double-xfree() on error in
`_unpack_node_reg_resp()`. (bsc#1218051)
* CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the
wrong group permissions. (bsc#1218053)

Other fixes:

* Add missing service file for slurmrestd (bsc#1217711).
* Fix slurm upgrading to incompatible versions (bsc#1216869).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* HPC Module 15-SP5
zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2024-284=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-284=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-284=1 openSUSE-SLE-15.5-2024-284=1

## Package List:

* HPC Module 15-SP5 (aarch64 x86_64)
* slurm-sql-debuginfo-23.02.7-150500.5.15.1
* slurm-munge-23.02.7-150500.5.15.1
* slurm-cray-23.02.7-150500.5.15.1
* slurm-pam_slurm-debuginfo-23.02.7-150500.5.15.1
* slurm-slurmdbd-debuginfo-23.02.7-150500.5.15.1
* slurm-rest-23.02.7-150500.5.15.1
* slurm-torque-debuginfo-23.02.7-150500.5.15.1
* slurm-plugin-ext-sensors-rrd-23.02.7-150500.5.15.1
* perl-slurm-debuginfo-23.02.7-150500.5.15.1
* slurm-auth-none-23.02.7-150500.5.15.1
* slurm-plugin-ext-sensors-rrd-debuginfo-23.02.7-150500.5.15.1
* slurm-sview-23.02.7-150500.5.15.1
* slurm-debuginfo-23.02.7-150500.5.15.1
* slurm-23.02.7-150500.5.15.1
* slurm-node-23.02.7-150500.5.15.1
* slurm-devel-23.02.7-150500.5.15.1
* slurm-plugins-debuginfo-23.02.7-150500.5.15.1
* slurm-torque-23.02.7-150500.5.15.1
* libpmi0-23.02.7-150500.5.15.1
* libpmi0-debuginfo-23.02.7-150500.5.15.1
* slurm-auth-none-debuginfo-23.02.7-150500.5.15.1
* slurm-sql-23.02.7-150500.5.15.1
* libnss_slurm2-23.02.7-150500.5.15.1
* libnss_slurm2-debuginfo-23.02.7-150500.5.15.1
* slurm-cray-debuginfo-23.02.7-150500.5.15.1
* slurm-rest-debuginfo-23.02.7-150500.5.15.1
* slurm-sview-debuginfo-23.02.7-150500.5.15.1
* perl-slurm-23.02.7-150500.5.15.1
* slurm-pam_slurm-23.02.7-150500.5.15.1
* slurm-debugsource-23.02.7-150500.5.15.1
* slurm-lua-23.02.7-150500.5.15.1
* libslurm39-debuginfo-23.02.7-150500.5.15.1
* libslurm39-23.02.7-150500.5.15.1
* slurm-munge-debuginfo-23.02.7-150500.5.15.1
* slurm-node-debuginfo-23.02.7-150500.5.15.1
* slurm-plugins-23.02.7-150500.5.15.1
* slurm-slurmdbd-23.02.7-150500.5.15.1
* slurm-lua-debuginfo-23.02.7-150500.5.15.1
* HPC Module 15-SP5 (noarch)
* slurm-config-man-23.02.7-150500.5.15.1
* slurm-doc-23.02.7-150500.5.15.1
* slurm-config-23.02.7-150500.5.15.1
* slurm-webdoc-23.02.7-150500.5.15.1
* SUSE Package Hub 15 15-SP5 (ppc64le s390x)
* slurm-sql-debuginfo-23.02.7-150500.5.15.1
* slurm-munge-23.02.7-150500.5.15.1
* slurm-cray-23.02.7-150500.5.15.1
* slurm-pam_slurm-debuginfo-23.02.7-150500.5.15.1
* slurm-slurmdbd-debuginfo-23.02.7-150500.5.15.1
* slurm-rest-23.02.7-150500.5.15.1
* slurm-hdf5-23.02.7-150500.5.15.1
* slurm-torque-debuginfo-23.02.7-150500.5.15.1
* perl-slurm-debuginfo-23.02.7-150500.5.15.1
* slurm-auth-none-23.02.7-150500.5.15.1
* slurm-sview-23.02.7-150500.5.15.1
* slurm-debuginfo-23.02.7-150500.5.15.1
* slurm-23.02.7-150500.5.15.1
* slurm-node-23.02.7-150500.5.15.1
* slurm-devel-23.02.7-150500.5.15.1
* slurm-plugins-debuginfo-23.02.7-150500.5.15.1
* slurm-torque-23.02.7-150500.5.15.1
* libpmi0-23.02.7-150500.5.15.1
* libpmi0-debuginfo-23.02.7-150500.5.15.1
* slurm-auth-none-debuginfo-23.02.7-150500.5.15.1
* slurm-sql-23.02.7-150500.5.15.1
* libnss_slurm2-23.02.7-150500.5.15.1
* libnss_slurm2-debuginfo-23.02.7-150500.5.15.1
* slurm-cray-debuginfo-23.02.7-150500.5.15.1
* slurm-rest-debuginfo-23.02.7-150500.5.15.1
* slurm-sview-debuginfo-23.02.7-150500.5.15.1
* perl-slurm-23.02.7-150500.5.15.1
* slurm-pam_slurm-23.02.7-150500.5.15.1
* slurm-debugsource-23.02.7-150500.5.15.1
* slurm-lua-23.02.7-150500.5.15.1
* slurm-munge-debuginfo-23.02.7-150500.5.15.1
* slurm-hdf5-debuginfo-23.02.7-150500.5.15.1
* slurm-node-debuginfo-23.02.7-150500.5.15.1
* slurm-plugins-23.02.7-150500.5.15.1
* slurm-slurmdbd-23.02.7-150500.5.15.1
* slurm-lua-debuginfo-23.02.7-150500.5.15.1
* SUSE Package Hub 15 15-SP5 (noarch)
* slurm-seff-23.02.7-150500.5.15.1
* slurm-openlava-23.02.7-150500.5.15.1
* slurm-doc-23.02.7-150500.5.15.1
* slurm-config-23.02.7-150500.5.15.1
* slurm-webdoc-23.02.7-150500.5.15.1
* slurm-config-man-23.02.7-150500.5.15.1
* slurm-sjstat-23.02.7-150500.5.15.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* slurm-sql-debuginfo-23.02.7-150500.5.15.1
* slurm-munge-23.02.7-150500.5.15.1
* slurm-cray-23.02.7-150500.5.15.1
* slurm-pam_slurm-debuginfo-23.02.7-150500.5.15.1
* slurm-slurmdbd-debuginfo-23.02.7-150500.5.15.1
* slurm-rest-23.02.7-150500.5.15.1
* slurm-hdf5-23.02.7-150500.5.15.1
* slurm-torque-debuginfo-23.02.7-150500.5.15.1
* slurm-plugin-ext-sensors-rrd-23.02.7-150500.5.15.1
* perl-slurm-debuginfo-23.02.7-150500.5.15.1
* slurm-auth-none-23.02.7-150500.5.15.1
* slurm-plugin-ext-sensors-rrd-debuginfo-23.02.7-150500.5.15.1
* slurm-sview-23.02.7-150500.5.15.1
* slurm-debuginfo-23.02.7-150500.5.15.1
* slurm-23.02.7-150500.5.15.1
* slurm-node-23.02.7-150500.5.15.1
* slurm-devel-23.02.7-150500.5.15.1
* slurm-plugins-debuginfo-23.02.7-150500.5.15.1
* slurm-torque-23.02.7-150500.5.15.1
* libpmi0-23.02.7-150500.5.15.1
* libpmi0-debuginfo-23.02.7-150500.5.15.1
* slurm-auth-none-debuginfo-23.02.7-150500.5.15.1
* slurm-sql-23.02.7-150500.5.15.1
* libnss_slurm2-23.02.7-150500.5.15.1
* libnss_slurm2-debuginfo-23.02.7-150500.5.15.1
* slurm-cray-debuginfo-23.02.7-150500.5.15.1
* slurm-rest-debuginfo-23.02.7-150500.5.15.1
* slurm-sview-debuginfo-23.02.7-150500.5.15.1
* perl-slurm-23.02.7-150500.5.15.1
* slurm-testsuite-23.02.7-150500.5.15.1
* slurm-pam_slurm-23.02.7-150500.5.15.1
* slurm-debugsource-23.02.7-150500.5.15.1
* slurm-lua-23.02.7-150500.5.15.1
* libslurm39-debuginfo-23.02.7-150500.5.15.1
* libslurm39-23.02.7-150500.5.15.1
* slurm-munge-debuginfo-23.02.7-150500.5.15.1
* slurm-hdf5-debuginfo-23.02.7-150500.5.15.1
* slurm-node-debuginfo-23.02.7-150500.5.15.1
* slurm-plugins-23.02.7-150500.5.15.1
* slurm-slurmdbd-23.02.7-150500.5.15.1
* slurm-lua-debuginfo-23.02.7-150500.5.15.1
* openSUSE Leap 15.5 (noarch)
* slurm-seff-23.02.7-150500.5.15.1
* slurm-openlava-23.02.7-150500.5.15.1
* slurm-doc-23.02.7-150500.5.15.1
* slurm-config-23.02.7-150500.5.15.1
* slurm-webdoc-23.02.7-150500.5.15.1
* slurm-config-man-23.02.7-150500.5.15.1
* slurm-sjstat-23.02.7-150500.5.15.1

## References:

* https://www.suse.com/security/cve/CVE-2023-49933.html
* https://www.suse.com/security/cve/CVE-2023-49935.html
* https://www.suse.com/security/cve/CVE-2023-49936.html
* https://www.suse.com/security/cve/CVE-2023-49937.html
* https://www.suse.com/security/cve/CVE-2023-49938.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216869
* https://bugzilla.suse.com/show_bug.cgi?id=1217711
* https://bugzilla.suse.com/show_bug.cgi?id=1218046
* https://bugzilla.suse.com/show_bug.cgi?id=1218049
* https://bugzilla.suse.com/show_bug.cgi?id=1218050
* https://bugzilla.suse.com/show_bug.cgi?id=1218051
* https://bugzilla.suse.com/show_bug.cgi?id=1218053



SUSE-SU-2024:0288-1: important: Security update for slurm_20_11


# Security update for slurm_20_11

Announcement ID: SUSE-SU-2024:0288-1
Rating: important
References:

* bsc#1216207
* bsc#1216869
* bsc#1217711
* bsc#1218046
* bsc#1218050
* bsc#1218051
* bsc#1218053

Cross-References:

* CVE-2023-41914
* CVE-2023-49933
* CVE-2023-49936
* CVE-2023-49937
* CVE-2023-49938

CVSS scores:

* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-49933 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-49933 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-49936 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-49936 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-49937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-49937 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-49938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-49938 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2

An update that solves five vulnerabilities and has two security fixes can now be
installed.

## Description:

This update for slurm_20_11 fixes the following issues:

Security fixes:

* CVE-2023-41914: Prevent filesystem race conditions that could let an
attacker take control of an arbitrary file, or remove entire directories'
contents. (bsc#1216207)
* CVE-2023-49933: Prevent message extension attacks that could bypass the
message hash. (bsc#1218046)
* CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow.
(bsc#1218050)
* CVE-2023-49937: Prevent double-xfree() on error in
`_unpack_node_reg_resp()`. (bsc#1218051)
* CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the
wrong group permissions. (bsc#1218053)

Other fixes:

* Add missing service file for slurmrestd (bsc#1217711).
* Fix slurm upgrading to incompatible versions (bsc#1216869).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-288=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-288=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* perl-slurm_20_11-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-munge-20.11.9-150200.6.16.1
* slurm_20_11-debugsource-20.11.9-150200.6.16.1
* slurm_20_11-lua-20.11.9-150200.6.16.1
* slurm_20_11-plugins-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-webdoc-20.11.9-150200.6.16.1
* slurm_20_11-config-man-20.11.9-150200.6.16.1
* slurm_20_11-openlava-20.11.9-150200.6.16.1
* slurm_20_11-sql-20.11.9-150200.6.16.1
* slurm_20_11-20.11.9-150200.6.16.1
* libpmi0_20_11-20.11.9-150200.6.16.1
* slurm_20_11-sjstat-20.11.9-150200.6.16.1
* slurm_20_11-sql-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-munge-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-seff-20.11.9-150200.6.16.1
* slurm_20_11-auth-none-20.11.9-150200.6.16.1
* slurm_20_11-cray-20.11.9-150200.6.16.1
* slurm_20_11-slurmdbd-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-plugins-20.11.9-150200.6.16.1
* slurm_20_11-rest-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-node-20.11.9-150200.6.16.1
* slurm_20_11-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-doc-20.11.9-150200.6.16.1
* slurm_20_11-hdf5-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-pam_slurm-20.11.9-150200.6.16.1
* slurm_20_11-slurmdbd-20.11.9-150200.6.16.1
* slurm_20_11-torque-20.11.9-150200.6.16.1
* perl-slurm_20_11-20.11.9-150200.6.16.1
* libnss_slurm2_20_11-debuginfo-20.11.9-150200.6.16.1
* libnss_slurm2_20_11-20.11.9-150200.6.16.1
* slurm_20_11-auth-none-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-cray-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-sview-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-node-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-torque-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-devel-20.11.9-150200.6.16.1
* slurm_20_11-pam_slurm-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-hdf5-20.11.9-150200.6.16.1
* slurm_20_11-lua-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-rest-20.11.9-150200.6.16.1
* slurm_20_11-sview-20.11.9-150200.6.16.1
* libpmi0_20_11-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-config-20.11.9-150200.6.16.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* slurm_20_11-munge-20.11.9-150200.6.16.1
* libslurm36-debuginfo-20.11.9-150200.6.16.1
* slurm_20_11-lua-20.11.9-150200.6.16.1
* slurm_20_11-webdoc-20.11.9-150200.6.16.1
* libslurm36-20.11.9-150200.6.16.1
* slurm_20_11-config-man-20.11.9-150200.6.16.1
* slurm_20_11-sql-20.11.9-150200.6.16.1
* slurm_20_11-20.11.9-150200.6.16.1
* libpmi0_20_11-20.11.9-150200.6.16.1
* slurm_20_11-auth-none-20.11.9-150200.6.16.1
* slurm_20_11-plugins-20.11.9-150200.6.16.1
* slurm_20_11-node-20.11.9-150200.6.16.1
* slurm_20_11-doc-20.11.9-150200.6.16.1
* slurm_20_11-pam_slurm-20.11.9-150200.6.16.1
* slurm_20_11-slurmdbd-20.11.9-150200.6.16.1
* slurm_20_11-torque-20.11.9-150200.6.16.1
* perl-slurm_20_11-20.11.9-150200.6.16.1
* libnss_slurm2_20_11-20.11.9-150200.6.16.1
* slurm_20_11-devel-20.11.9-150200.6.16.1
* slurm_20_11-sview-20.11.9-150200.6.16.1
* slurm_20_11-config-20.11.9-150200.6.16.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://www.suse.com/security/cve/CVE-2023-49933.html
* https://www.suse.com/security/cve/CVE-2023-49936.html
* https://www.suse.com/security/cve/CVE-2023-49937.html
* https://www.suse.com/security/cve/CVE-2023-49938.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216207
* https://bugzilla.suse.com/show_bug.cgi?id=1216869
* https://bugzilla.suse.com/show_bug.cgi?id=1217711
* https://bugzilla.suse.com/show_bug.cgi?id=1218046
* https://bugzilla.suse.com/show_bug.cgi?id=1218050
* https://bugzilla.suse.com/show_bug.cgi?id=1218051
* https://bugzilla.suse.com/show_bug.cgi?id=1218053