January 2024 - openSUSE Security Announce

openSUSE-SU-2024:0036-1: moderate: Security update for tinyssh
by opensuse-security＠opensuse.org 31 Jan '24

31 Jan '24

openSUSE Security Update: Security update for tinyssh ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0036-1 Rating: moderate References: #1218197 Cross-References: CVE-2023-48795 CVSS scores: CVE-2023-48795 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2023-48795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tinyssh fixes the following issues: tinyssh was updated to 20240101 (boo#1218197, CVE-2023-48795): * fixed channel_forkpty() race condition between close(slave) in parent process and login_tty(slave) in child process * fixed behavior when using terminal mode and stdin redirected to /dev/null 'ssh -tt -n' * added an 'strict-key' key exchange kex-strict- s-v00(a)openssh.com (Mitigates CVE-2023-48795 "Terrapin attack") Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-36=1 Package List: - openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64): tinyssh-20240101-bp155.2.3.1 References: https://www.suse.com/security/cve/CVE-2023-48795.html https://bugzilla.suse.com/1218197

1 0

openSUSE-SU-2024:0037-1: moderate: Security update for mbedtls
by opensuse-security＠opensuse.org 31 Jan '24

31 Jan '24

openSUSE Security Update: Security update for mbedtls ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0037-1 Rating: moderate References: #1219336 Cross-References: CVE-2024-23170 Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mbedtls fixes the following issues: - Update to version 2.28.7: - Resolves CVE-2024-23170 boo#1219336 - Update to 2.28.6: Changes: * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later license. Users may choose which license they take the code under. - Update to 2.28.5: Features: * The documentation of mbedtls_ecp_group now describes the optimized representation of A for some curves. Fixes gh#Mbed-TLS/mbedtls#8045. Security: * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should review the size of the output buffer passed to this function, and note that the output after decryption may include CBC padding. Consider moving to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext() which checks for overflow of the output buffer and reports the actual length of the output. * Improve padding calculations in CBC decryption, NIST key unwrapping and RSA OAEP decryption. With the previous implementation, some compilers (notably recent versions of Clang and IAR) could produce non-constant time code, which could allow a padding oracle attack if the attacker has access to precise timing measurements. * Fix a buffer overread when parsing short TLS application data records in ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz. Bugfix: * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when using ECC key. The certificate was rejected by some crypto frameworks. Fixes gh#Mbed-TLS/mbedtls#2924. * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA signature can silently return an incorrect result in low memory conditions. * Fix IAR compiler warnings. Fixes gh#Mbed-TLS/mbedtls#7873, gh#Mbed-TLS/mbedtls#4300. * Fix an issue when parsing an otherName subject alternative name into a mbedtls_x509_san_other_name struct. The type-id of the otherName was not copied to the struct. This meant that the struct had incomplete information about the otherName SAN and contained uninitialized memory. * Fix the detection of HardwareModuleName otherName SANs. These were being detected by comparing the wrong field and the check was erroneously inverted. * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes gh#Mbed-TLS/mbedtls#7498. Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx error code on failure. Before, they returned 1 to indicate failure in some cases involving a missing entry or a full cache. Changes: * In configurations with ARIA or Camellia but not AES, the value of MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might suggest. This did not affect any library code, because this macro was only used in relation with CMAC which does not support these ciphers. Its value is now 16 if ARIA or Camellia are present. This may affect application code that uses this macro. - Update to 2.28.4: Features: * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by setting the CMake variable of the same name at configuration time. Bugfix: * Fix crypt_and_hash decryption fail when used with a stream cipher mode of operation, due to the input not being a multiple of the block size. Resolves #7417. * Fix a bug where mbedtls_x509_string_to_names() would return success when given a invalid name string, if it did not contain '=' or ','. * Fix missing PSA initialization in sample programs when MBEDTLS_USE_PSA_CRYPTO is enabled. * Fix clang and armclang compilation error when targeting certain Arm M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23, SecurCore SC000). Fixes #1077. * Fixed an issue that caused compile errors when using CMake and the IAR toolchain. * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516. * Fix builds on Windows with clang. * Fix compilation warnings in aes.c for certain combinations of configuration options. * Fix a compilation error on some platforms when including mbedtls/ssl.h with all TLS support disabled. Fixes #6628. Changes: * Update test data to avoid failures of unit tests after 2023-08-07, and update expiring certififcates in the certs - Update to 2.28.3: Features: * Use HOSTCC (if it is set) when compiling C code during generation of the configuration-independent files. This allows them to be generated when CC is set for cross compilation. * AES-NI is now supported with Visual Studio. * AES-NI is now supported in 32-bit builds, or when MBEDTLS_HAVE_ASM is disabled, when compiling with GCC or Clang or a compatible compiler for a target CPU that supports the requisite instructions (for example gcc -m32 -msse2 -maes -mpclmul). (Generic x86 builds with GCC-like compilers still require MBEDTLS_HAVE_ASM and a 64-bit target.) Security: * MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on builds that couldn't compile the GCC-style assembly implementation (most notably builds with Visual Studio), leaving them vulnerable to timing side-channel attacks. There is now an intrinsics-based AES-NI implementation as a fallback for when the assembly one cannot be used. Bugfix: * Fix a build issue on Windows where the source and build directory could not be on different drives (#5751). * Fix possible integer overflow in mbedtls_timing_hardclock(), which could cause a crash for certain platforms & compiler options. * Fix IAR compiler warnings. Fixes #6924. * Fix a bug in the build where directory names containing spaces were causing generate_errors.pl to error out resulting in a build failure. Fixes issue #6879. * Fix compile error where MBEDTLS_RSA_C and MBEDTLS_X509_CRT_WRITE_C are defined, but MBEDTLS_PK_RSA_ALT_SUPPORT is not defined. Fixes #3174. * Fix a build issue when defining MBEDTLS_TIMING_ALT and MBEDTLS_SELF_TEST. The library would not link if the user didn't provide an external self-test function. The self-test is now provided regardless of the choice of internal/alternative timing implementation. Fixes #6923. * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers whose binary representation is longer than 20 bytes. This was already forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being enforced also at code level. * Fix potential undefined behavior in mbedtls_mpi_sub_abs(). Reported by Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by Aaron Ucko under Valgrind. * Fix behavior of certain sample programs which could, when run with no arguments, access uninitialized memory in some cases. Fixes #6700 (which was found by TrustInSoft Analyzer during REDOCS'22) and #1120. * Fix build errors in test programs when MBEDTLS_CERTS_C is disabled. Fixes #6243. * Fix parsing of X.509 SubjectAlternativeName extension. Previously, malformed alternative name components were not caught during initial certificate parsing, but only on subsequent calls to mbedtls_x509_parse_subject_alt_name(). Fixes #2838. * Fix bug in conversion from OID to string in mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed correctly. * Reject OIDs with overlong-encoded subidentifiers when converting them to a string. * Reject OIDs with subidentifier values exceeding UINT_MAX. Such subidentifiers can be valid, but Mbed TLS cannot currently handle them. * Reject OIDs that have unterminated subidentifiers, or (equivalently) have the most-significant bit set in their last byte. * Silence a warning about an unused local variable in bignum.c on some architectures. Fixes #7166. * Silence warnings from clang -Wdocumentation about empty \retval descriptions, which started appearing with Clang 15. Fixes #6960. * Fix undefined behavior in mbedtls_ssl_read() and mbedtls_ssl_write() if len argument is 0 and buffer is NULL. Changes: * The C code follows a new coding style. This is transparent for users but affects contributors and maintainers of local patches. For more information, see https://mbed-tls.readthedocs.io/en/latest/kb/how-to/rewrite-branch-for-codi ng-style/ * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2. As tested in issue 6790, the correlation between this define and RSA decryption performance has changed lately due to security fixes. To fix the performance degradation when using default values the window was reduced from 6 to 2, a value that gives the best or close to best results when tested on Cortex-M4 and Intel i7. - Setup the mbedtls-2 package - Build AVX2 enabled hwcaps library for x86_64-v3 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-37=1 Package List: - openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64): libmbedcrypto7-2.28.7-bp155.2.3.1 libmbedtls14-2.28.7-bp155.2.3.1 libmbedx509-1-2.28.7-bp155.2.3.1 mbedtls-devel-2.28.7-bp155.2.3.1 - openSUSE Backports SLE-15-SP5 (aarch64_ilp32): libmbedcrypto7-64bit-2.28.7-bp155.2.3.1 libmbedtls14-64bit-2.28.7-bp155.2.3.1 libmbedx509-1-64bit-2.28.7-bp155.2.3.1 - openSUSE Backports SLE-15-SP5 (x86_64): libmbedcrypto7-32bit-2.28.7-bp155.2.3.1 libmbedtls14-32bit-2.28.7-bp155.2.3.1 libmbedx509-1-32bit-2.28.7-bp155.2.3.1 References: https://www.suse.com/security/cve/CVE-2024-23170.html https://bugzilla.suse.com/1219336

1 0

SUSE-SU-2024:0283-1: important: Security update for slurm_22_05
by OPENSUSE-SECURITY-UPDATES 31 Jan '24

31 Jan '24

# Security update for slurm_22_05 Announcement ID: SUSE-SU-2024:0283-1 Rating: important References: * bsc#1216869 * bsc#1217711 * bsc#1218046 * bsc#1218050 * bsc#1218051 * bsc#1218053 Cross-References: * CVE-2023-49933 * CVE-2023-49936 * CVE-2023-49937 * CVE-2023-49938 CVSS scores: * CVE-2023-49933 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49933 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49936 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49936 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-49937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49937 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-49938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-49938 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 An update that solves four vulnerabilities and has two security fixes can now be installed. ## Description: This update for slurm_22_05 fixes the following issues: Update to slurm 22.05.11: Security fixes: * CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046) * CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050) * CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051) * CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053) Other fixes: * Add missing service file for slurmrestd (bsc#1217711). * Fix slurm upgrading to incompatible versions (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-283=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-283=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-283=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-283=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-283=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * slurm_22_05-pam_slurm-22.05.11-150300.7.9.1 * slurm_22_05-pam_slurm-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-slurmdbd-22.05.11-150300.7.9.1 * slurm_22_05-torque-22.05.11-150300.7.9.1 * slurm_22_05-devel-22.05.11-150300.7.9.1 * slurm_22_05-slurmdbd-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-munge-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-torque-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-debugsource-22.05.11-150300.7.9.1 * slurm_22_05-rest-22.05.11-150300.7.9.1 * slurm_22_05-hdf5-22.05.11-150300.7.9.1 * slurm_22_05-sjstat-22.05.11-150300.7.9.1 * perl-slurm_22_05-22.05.11-150300.7.9.1 * libpmi0_22_05-22.05.11-150300.7.9.1 * perl-slurm_22_05-debuginfo-22.05.11-150300.7.9.1 * libnss_slurm2_22_05-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sql-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-cray-22.05.11-150300.7.9.1 * slurm_22_05-lua-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sql-22.05.11-150300.7.9.1 * slurm_22_05-seff-22.05.11-150300.7.9.1 * slurm_22_05-lua-22.05.11-150300.7.9.1 * slurm_22_05-cray-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-22.05.11-150300.7.9.1 * slurm_22_05-auth-none-22.05.11-150300.7.9.1 * slurm_22_05-plugins-debuginfo-22.05.11-150300.7.9.1 * libslurm38-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-rest-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sview-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-auth-none-debuginfo-22.05.11-150300.7.9.1 * libslurm38-22.05.11-150300.7.9.1 * slurm_22_05-munge-22.05.11-150300.7.9.1 * slurm_22_05-sview-22.05.11-150300.7.9.1 * slurm_22_05-plugins-22.05.11-150300.7.9.1 * slurm_22_05-openlava-22.05.11-150300.7.9.1 * libnss_slurm2_22_05-22.05.11-150300.7.9.1 * slurm_22_05-hdf5-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-node-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-node-22.05.11-150300.7.9.1 * slurm_22_05-testsuite-22.05.11-150300.7.9.1 * libpmi0_22_05-debuginfo-22.05.11-150300.7.9.1 * openSUSE Leap 15.3 (noarch) * slurm_22_05-config-man-22.05.11-150300.7.9.1 * slurm_22_05-config-22.05.11-150300.7.9.1 * slurm_22_05-webdoc-22.05.11-150300.7.9.1 * slurm_22_05-doc-22.05.11-150300.7.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * slurm_22_05-pam_slurm-22.05.11-150300.7.9.1 * slurm_22_05-pam_slurm-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-slurmdbd-22.05.11-150300.7.9.1 * slurm_22_05-torque-22.05.11-150300.7.9.1 * slurm_22_05-devel-22.05.11-150300.7.9.1 * slurm_22_05-slurmdbd-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-munge-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-torque-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-debugsource-22.05.11-150300.7.9.1 * slurm_22_05-rest-22.05.11-150300.7.9.1 * slurm_22_05-hdf5-22.05.11-150300.7.9.1 * slurm_22_05-sjstat-22.05.11-150300.7.9.1 * perl-slurm_22_05-22.05.11-150300.7.9.1 * libpmi0_22_05-22.05.11-150300.7.9.1 * perl-slurm_22_05-debuginfo-22.05.11-150300.7.9.1 * libnss_slurm2_22_05-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sql-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-cray-22.05.11-150300.7.9.1 * slurm_22_05-lua-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sql-22.05.11-150300.7.9.1 * slurm_22_05-seff-22.05.11-150300.7.9.1 * slurm_22_05-lua-22.05.11-150300.7.9.1 * slurm_22_05-cray-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-22.05.11-150300.7.9.1 * slurm_22_05-auth-none-22.05.11-150300.7.9.1 * slurm_22_05-plugins-debuginfo-22.05.11-150300.7.9.1 * libslurm38-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-rest-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sview-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-auth-none-debuginfo-22.05.11-150300.7.9.1 * libslurm38-22.05.11-150300.7.9.1 * slurm_22_05-munge-22.05.11-150300.7.9.1 * slurm_22_05-sview-22.05.11-150300.7.9.1 * slurm_22_05-plugins-22.05.11-150300.7.9.1 * slurm_22_05-openlava-22.05.11-150300.7.9.1 * libnss_slurm2_22_05-22.05.11-150300.7.9.1 * slurm_22_05-hdf5-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-node-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-node-22.05.11-150300.7.9.1 * slurm_22_05-testsuite-22.05.11-150300.7.9.1 * libpmi0_22_05-debuginfo-22.05.11-150300.7.9.1 * openSUSE Leap 15.5 (noarch) * slurm_22_05-config-man-22.05.11-150300.7.9.1 * slurm_22_05-config-22.05.11-150300.7.9.1 * slurm_22_05-webdoc-22.05.11-150300.7.9.1 * slurm_22_05-doc-22.05.11-150300.7.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * slurm_22_05-pam_slurm-22.05.11-150300.7.9.1 * slurm_22_05-pam_slurm-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-slurmdbd-22.05.11-150300.7.9.1 * slurm_22_05-torque-22.05.11-150300.7.9.1 * slurm_22_05-devel-22.05.11-150300.7.9.1 * slurm_22_05-slurmdbd-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-munge-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-torque-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-debugsource-22.05.11-150300.7.9.1 * slurm_22_05-rest-22.05.11-150300.7.9.1 * perl-slurm_22_05-22.05.11-150300.7.9.1 * libpmi0_22_05-22.05.11-150300.7.9.1 * perl-slurm_22_05-debuginfo-22.05.11-150300.7.9.1 * libnss_slurm2_22_05-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sql-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-lua-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sql-22.05.11-150300.7.9.1 * slurm_22_05-lua-22.05.11-150300.7.9.1 * slurm_22_05-22.05.11-150300.7.9.1 * slurm_22_05-auth-none-22.05.11-150300.7.9.1 * slurm_22_05-plugins-debuginfo-22.05.11-150300.7.9.1 * libslurm38-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-rest-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sview-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-auth-none-debuginfo-22.05.11-150300.7.9.1 * libslurm38-22.05.11-150300.7.9.1 * slurm_22_05-munge-22.05.11-150300.7.9.1 * slurm_22_05-sview-22.05.11-150300.7.9.1 * slurm_22_05-plugins-22.05.11-150300.7.9.1 * libnss_slurm2_22_05-22.05.11-150300.7.9.1 * slurm_22_05-node-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-node-22.05.11-150300.7.9.1 * libpmi0_22_05-debuginfo-22.05.11-150300.7.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * slurm_22_05-config-man-22.05.11-150300.7.9.1 * slurm_22_05-config-22.05.11-150300.7.9.1 * slurm_22_05-webdoc-22.05.11-150300.7.9.1 * slurm_22_05-doc-22.05.11-150300.7.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * slurm_22_05-pam_slurm-22.05.11-150300.7.9.1 * slurm_22_05-pam_slurm-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-slurmdbd-22.05.11-150300.7.9.1 * slurm_22_05-torque-22.05.11-150300.7.9.1 * slurm_22_05-devel-22.05.11-150300.7.9.1 * slurm_22_05-slurmdbd-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-munge-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-torque-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-debugsource-22.05.11-150300.7.9.1 * slurm_22_05-rest-22.05.11-150300.7.9.1 * perl-slurm_22_05-22.05.11-150300.7.9.1 * libpmi0_22_05-22.05.11-150300.7.9.1 * perl-slurm_22_05-debuginfo-22.05.11-150300.7.9.1 * libnss_slurm2_22_05-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sql-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-cray-22.05.11-150300.7.9.1 * slurm_22_05-lua-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sql-22.05.11-150300.7.9.1 * slurm_22_05-lua-22.05.11-150300.7.9.1 * slurm_22_05-cray-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-22.05.11-150300.7.9.1 * slurm_22_05-auth-none-22.05.11-150300.7.9.1 * slurm_22_05-plugins-debuginfo-22.05.11-150300.7.9.1 * libslurm38-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-rest-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sview-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-auth-none-debuginfo-22.05.11-150300.7.9.1 * libslurm38-22.05.11-150300.7.9.1 * slurm_22_05-munge-22.05.11-150300.7.9.1 * slurm_22_05-sview-22.05.11-150300.7.9.1 * slurm_22_05-plugins-22.05.11-150300.7.9.1 * libnss_slurm2_22_05-22.05.11-150300.7.9.1 * slurm_22_05-node-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-node-22.05.11-150300.7.9.1 * libpmi0_22_05-debuginfo-22.05.11-150300.7.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * slurm_22_05-config-man-22.05.11-150300.7.9.1 * slurm_22_05-config-22.05.11-150300.7.9.1 * slurm_22_05-webdoc-22.05.11-150300.7.9.1 * slurm_22_05-doc-22.05.11-150300.7.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * slurm_22_05-pam_slurm-22.05.11-150300.7.9.1 * slurm_22_05-pam_slurm-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-slurmdbd-22.05.11-150300.7.9.1 * slurm_22_05-torque-22.05.11-150300.7.9.1 * slurm_22_05-devel-22.05.11-150300.7.9.1 * slurm_22_05-slurmdbd-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-munge-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-torque-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-debugsource-22.05.11-150300.7.9.1 * slurm_22_05-rest-22.05.11-150300.7.9.1 * perl-slurm_22_05-22.05.11-150300.7.9.1 * libpmi0_22_05-22.05.11-150300.7.9.1 * perl-slurm_22_05-debuginfo-22.05.11-150300.7.9.1 * libnss_slurm2_22_05-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sql-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-cray-22.05.11-150300.7.9.1 * slurm_22_05-lua-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sql-22.05.11-150300.7.9.1 * slurm_22_05-lua-22.05.11-150300.7.9.1 * slurm_22_05-cray-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-22.05.11-150300.7.9.1 * slurm_22_05-auth-none-22.05.11-150300.7.9.1 * slurm_22_05-plugins-debuginfo-22.05.11-150300.7.9.1 * libslurm38-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-rest-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-sview-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-auth-none-debuginfo-22.05.11-150300.7.9.1 * libslurm38-22.05.11-150300.7.9.1 * slurm_22_05-munge-22.05.11-150300.7.9.1 * slurm_22_05-sview-22.05.11-150300.7.9.1 * slurm_22_05-plugins-22.05.11-150300.7.9.1 * libnss_slurm2_22_05-22.05.11-150300.7.9.1 * slurm_22_05-node-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-debuginfo-22.05.11-150300.7.9.1 * slurm_22_05-node-22.05.11-150300.7.9.1 * libpmi0_22_05-debuginfo-22.05.11-150300.7.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * slurm_22_05-config-man-22.05.11-150300.7.9.1 * slurm_22_05-config-22.05.11-150300.7.9.1 * slurm_22_05-webdoc-22.05.11-150300.7.9.1 * slurm_22_05-doc-22.05.11-150300.7.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-49933.html * https://www.suse.com/security/cve/CVE-2023-49936.html * https://www.suse.com/security/cve/CVE-2023-49937.html * https://www.suse.com/security/cve/CVE-2023-49938.html * https://bugzilla.suse.com/show_bug.cgi?id=1216869 * https://bugzilla.suse.com/show_bug.cgi?id=1217711 * https://bugzilla.suse.com/show_bug.cgi?id=1218046 * https://bugzilla.suse.com/show_bug.cgi?id=1218050 * https://bugzilla.suse.com/show_bug.cgi?id=1218051 * https://bugzilla.suse.com/show_bug.cgi?id=1218053

1 0

SUSE-SU-2024:0284-1: important: Security update for slurm
by OPENSUSE-SECURITY-UPDATES 31 Jan '24

31 Jan '24

# Security update for slurm Announcement ID: SUSE-SU-2024:0284-1 Rating: important References: * bsc#1216869 * bsc#1217711 * bsc#1218046 * bsc#1218049 * bsc#1218050 * bsc#1218051 * bsc#1218053 Cross-References: * CVE-2023-49933 * CVE-2023-49935 * CVE-2023-49936 * CVE-2023-49937 * CVE-2023-49938 CVSS scores: * CVE-2023-49933 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49933 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49935 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-49935 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-49936 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49936 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-49937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49937 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-49938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-49938 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Affected Products: * HPC Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves five vulnerabilities and has two security fixes can now be installed. ## Description: This update for slurm fixes the following issues: Update to slurm 23.02.6: Security fixes: * CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046) * CVE-2023-49935: Prevent message hash bypass in slurmd which can allow an attacker to reuse root-level MUNGE tokens and escalate permissions. (bsc#1218049) * CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050) * CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051) * CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053) Other fixes: * Add missing service file for slurmrestd (bsc#1217711). * Fix slurm upgrading to incompatible versions (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2024-284=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-284=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-284=1 openSUSE-SLE-15.5-2024-284=1 ## Package List: * HPC Module 15-SP5 (aarch64 x86_64) * slurm-sql-debuginfo-23.02.7-150500.5.15.1 * slurm-munge-23.02.7-150500.5.15.1 * slurm-cray-23.02.7-150500.5.15.1 * slurm-pam_slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-slurmdbd-debuginfo-23.02.7-150500.5.15.1 * slurm-rest-23.02.7-150500.5.15.1 * slurm-torque-debuginfo-23.02.7-150500.5.15.1 * slurm-plugin-ext-sensors-rrd-23.02.7-150500.5.15.1 * perl-slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-auth-none-23.02.7-150500.5.15.1 * slurm-plugin-ext-sensors-rrd-debuginfo-23.02.7-150500.5.15.1 * slurm-sview-23.02.7-150500.5.15.1 * slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-23.02.7-150500.5.15.1 * slurm-node-23.02.7-150500.5.15.1 * slurm-devel-23.02.7-150500.5.15.1 * slurm-plugins-debuginfo-23.02.7-150500.5.15.1 * slurm-torque-23.02.7-150500.5.15.1 * libpmi0-23.02.7-150500.5.15.1 * libpmi0-debuginfo-23.02.7-150500.5.15.1 * slurm-auth-none-debuginfo-23.02.7-150500.5.15.1 * slurm-sql-23.02.7-150500.5.15.1 * libnss_slurm2-23.02.7-150500.5.15.1 * libnss_slurm2-debuginfo-23.02.7-150500.5.15.1 * slurm-cray-debuginfo-23.02.7-150500.5.15.1 * slurm-rest-debuginfo-23.02.7-150500.5.15.1 * slurm-sview-debuginfo-23.02.7-150500.5.15.1 * perl-slurm-23.02.7-150500.5.15.1 * slurm-pam_slurm-23.02.7-150500.5.15.1 * slurm-debugsource-23.02.7-150500.5.15.1 * slurm-lua-23.02.7-150500.5.15.1 * libslurm39-debuginfo-23.02.7-150500.5.15.1 * libslurm39-23.02.7-150500.5.15.1 * slurm-munge-debuginfo-23.02.7-150500.5.15.1 * slurm-node-debuginfo-23.02.7-150500.5.15.1 * slurm-plugins-23.02.7-150500.5.15.1 * slurm-slurmdbd-23.02.7-150500.5.15.1 * slurm-lua-debuginfo-23.02.7-150500.5.15.1 * HPC Module 15-SP5 (noarch) * slurm-config-man-23.02.7-150500.5.15.1 * slurm-doc-23.02.7-150500.5.15.1 * slurm-config-23.02.7-150500.5.15.1 * slurm-webdoc-23.02.7-150500.5.15.1 * SUSE Package Hub 15 15-SP5 (ppc64le s390x) * slurm-sql-debuginfo-23.02.7-150500.5.15.1 * slurm-munge-23.02.7-150500.5.15.1 * slurm-cray-23.02.7-150500.5.15.1 * slurm-pam_slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-slurmdbd-debuginfo-23.02.7-150500.5.15.1 * slurm-rest-23.02.7-150500.5.15.1 * slurm-hdf5-23.02.7-150500.5.15.1 * slurm-torque-debuginfo-23.02.7-150500.5.15.1 * perl-slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-auth-none-23.02.7-150500.5.15.1 * slurm-sview-23.02.7-150500.5.15.1 * slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-23.02.7-150500.5.15.1 * slurm-node-23.02.7-150500.5.15.1 * slurm-devel-23.02.7-150500.5.15.1 * slurm-plugins-debuginfo-23.02.7-150500.5.15.1 * slurm-torque-23.02.7-150500.5.15.1 * libpmi0-23.02.7-150500.5.15.1 * libpmi0-debuginfo-23.02.7-150500.5.15.1 * slurm-auth-none-debuginfo-23.02.7-150500.5.15.1 * slurm-sql-23.02.7-150500.5.15.1 * libnss_slurm2-23.02.7-150500.5.15.1 * libnss_slurm2-debuginfo-23.02.7-150500.5.15.1 * slurm-cray-debuginfo-23.02.7-150500.5.15.1 * slurm-rest-debuginfo-23.02.7-150500.5.15.1 * slurm-sview-debuginfo-23.02.7-150500.5.15.1 * perl-slurm-23.02.7-150500.5.15.1 * slurm-pam_slurm-23.02.7-150500.5.15.1 * slurm-debugsource-23.02.7-150500.5.15.1 * slurm-lua-23.02.7-150500.5.15.1 * slurm-munge-debuginfo-23.02.7-150500.5.15.1 * slurm-hdf5-debuginfo-23.02.7-150500.5.15.1 * slurm-node-debuginfo-23.02.7-150500.5.15.1 * slurm-plugins-23.02.7-150500.5.15.1 * slurm-slurmdbd-23.02.7-150500.5.15.1 * slurm-lua-debuginfo-23.02.7-150500.5.15.1 * SUSE Package Hub 15 15-SP5 (noarch) * slurm-seff-23.02.7-150500.5.15.1 * slurm-openlava-23.02.7-150500.5.15.1 * slurm-doc-23.02.7-150500.5.15.1 * slurm-config-23.02.7-150500.5.15.1 * slurm-webdoc-23.02.7-150500.5.15.1 * slurm-config-man-23.02.7-150500.5.15.1 * slurm-sjstat-23.02.7-150500.5.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * slurm-sql-debuginfo-23.02.7-150500.5.15.1 * slurm-munge-23.02.7-150500.5.15.1 * slurm-cray-23.02.7-150500.5.15.1 * slurm-pam_slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-slurmdbd-debuginfo-23.02.7-150500.5.15.1 * slurm-rest-23.02.7-150500.5.15.1 * slurm-hdf5-23.02.7-150500.5.15.1 * slurm-torque-debuginfo-23.02.7-150500.5.15.1 * slurm-plugin-ext-sensors-rrd-23.02.7-150500.5.15.1 * perl-slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-auth-none-23.02.7-150500.5.15.1 * slurm-plugin-ext-sensors-rrd-debuginfo-23.02.7-150500.5.15.1 * slurm-sview-23.02.7-150500.5.15.1 * slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-23.02.7-150500.5.15.1 * slurm-node-23.02.7-150500.5.15.1 * slurm-devel-23.02.7-150500.5.15.1 * slurm-plugins-debuginfo-23.02.7-150500.5.15.1 * slurm-torque-23.02.7-150500.5.15.1 * libpmi0-23.02.7-150500.5.15.1 * libpmi0-debuginfo-23.02.7-150500.5.15.1 * slurm-auth-none-debuginfo-23.02.7-150500.5.15.1 * slurm-sql-23.02.7-150500.5.15.1 * libnss_slurm2-23.02.7-150500.5.15.1 * libnss_slurm2-debuginfo-23.02.7-150500.5.15.1 * slurm-cray-debuginfo-23.02.7-150500.5.15.1 * slurm-rest-debuginfo-23.02.7-150500.5.15.1 * slurm-sview-debuginfo-23.02.7-150500.5.15.1 * perl-slurm-23.02.7-150500.5.15.1 * slurm-testsuite-23.02.7-150500.5.15.1 * slurm-pam_slurm-23.02.7-150500.5.15.1 * slurm-debugsource-23.02.7-150500.5.15.1 * slurm-lua-23.02.7-150500.5.15.1 * libslurm39-debuginfo-23.02.7-150500.5.15.1 * libslurm39-23.02.7-150500.5.15.1 * slurm-munge-debuginfo-23.02.7-150500.5.15.1 * slurm-hdf5-debuginfo-23.02.7-150500.5.15.1 * slurm-node-debuginfo-23.02.7-150500.5.15.1 * slurm-plugins-23.02.7-150500.5.15.1 * slurm-slurmdbd-23.02.7-150500.5.15.1 * slurm-lua-debuginfo-23.02.7-150500.5.15.1 * openSUSE Leap 15.5 (noarch) * slurm-seff-23.02.7-150500.5.15.1 * slurm-openlava-23.02.7-150500.5.15.1 * slurm-doc-23.02.7-150500.5.15.1 * slurm-config-23.02.7-150500.5.15.1 * slurm-webdoc-23.02.7-150500.5.15.1 * slurm-config-man-23.02.7-150500.5.15.1 * slurm-sjstat-23.02.7-150500.5.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-49933.html * https://www.suse.com/security/cve/CVE-2023-49935.html * https://www.suse.com/security/cve/CVE-2023-49936.html * https://www.suse.com/security/cve/CVE-2023-49937.html * https://www.suse.com/security/cve/CVE-2023-49938.html * https://bugzilla.suse.com/show_bug.cgi?id=1216869 * https://bugzilla.suse.com/show_bug.cgi?id=1217711 * https://bugzilla.suse.com/show_bug.cgi?id=1218046 * https://bugzilla.suse.com/show_bug.cgi?id=1218049 * https://bugzilla.suse.com/show_bug.cgi?id=1218050 * https://bugzilla.suse.com/show_bug.cgi?id=1218051 * https://bugzilla.suse.com/show_bug.cgi?id=1218053

1 0

SUSE-SU-2024:0288-1: important: Security update for slurm_20_11
by OPENSUSE-SECURITY-UPDATES 31 Jan '24

31 Jan '24

# Security update for slurm_20_11 Announcement ID: SUSE-SU-2024:0288-1 Rating: important References: * bsc#1216207 * bsc#1216869 * bsc#1217711 * bsc#1218046 * bsc#1218050 * bsc#1218051 * bsc#1218053 Cross-References: * CVE-2023-41914 * CVE-2023-49933 * CVE-2023-49936 * CVE-2023-49937 * CVE-2023-49938 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-49933 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49933 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49936 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49936 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-49937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49937 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-49938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-49938 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 An update that solves five vulnerabilities and has two security fixes can now be installed. ## Description: This update for slurm_20_11 fixes the following issues: Security fixes: * CVE-2023-41914: Prevent filesystem race conditions that could let an attacker take control of an arbitrary file, or remove entire directories' contents. (bsc#1216207) * CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046) * CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050) * CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051) * CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053) Other fixes: * Add missing service file for slurmrestd (bsc#1217711). * Fix slurm upgrading to incompatible versions (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-288=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-288=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * perl-slurm_20_11-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-munge-20.11.9-150200.6.16.1 * slurm_20_11-debugsource-20.11.9-150200.6.16.1 * slurm_20_11-lua-20.11.9-150200.6.16.1 * slurm_20_11-plugins-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-webdoc-20.11.9-150200.6.16.1 * slurm_20_11-config-man-20.11.9-150200.6.16.1 * slurm_20_11-openlava-20.11.9-150200.6.16.1 * slurm_20_11-sql-20.11.9-150200.6.16.1 * slurm_20_11-20.11.9-150200.6.16.1 * libpmi0_20_11-20.11.9-150200.6.16.1 * slurm_20_11-sjstat-20.11.9-150200.6.16.1 * slurm_20_11-sql-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-munge-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-seff-20.11.9-150200.6.16.1 * slurm_20_11-auth-none-20.11.9-150200.6.16.1 * slurm_20_11-cray-20.11.9-150200.6.16.1 * slurm_20_11-slurmdbd-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-plugins-20.11.9-150200.6.16.1 * slurm_20_11-rest-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-node-20.11.9-150200.6.16.1 * slurm_20_11-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-doc-20.11.9-150200.6.16.1 * slurm_20_11-hdf5-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-pam_slurm-20.11.9-150200.6.16.1 * slurm_20_11-slurmdbd-20.11.9-150200.6.16.1 * slurm_20_11-torque-20.11.9-150200.6.16.1 * perl-slurm_20_11-20.11.9-150200.6.16.1 * libnss_slurm2_20_11-debuginfo-20.11.9-150200.6.16.1 * libnss_slurm2_20_11-20.11.9-150200.6.16.1 * slurm_20_11-auth-none-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-cray-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-sview-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-node-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-torque-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-devel-20.11.9-150200.6.16.1 * slurm_20_11-pam_slurm-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-hdf5-20.11.9-150200.6.16.1 * slurm_20_11-lua-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-rest-20.11.9-150200.6.16.1 * slurm_20_11-sview-20.11.9-150200.6.16.1 * libpmi0_20_11-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-config-20.11.9-150200.6.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * slurm_20_11-munge-20.11.9-150200.6.16.1 * libslurm36-debuginfo-20.11.9-150200.6.16.1 * slurm_20_11-lua-20.11.9-150200.6.16.1 * slurm_20_11-webdoc-20.11.9-150200.6.16.1 * libslurm36-20.11.9-150200.6.16.1 * slurm_20_11-config-man-20.11.9-150200.6.16.1 * slurm_20_11-sql-20.11.9-150200.6.16.1 * slurm_20_11-20.11.9-150200.6.16.1 * libpmi0_20_11-20.11.9-150200.6.16.1 * slurm_20_11-auth-none-20.11.9-150200.6.16.1 * slurm_20_11-plugins-20.11.9-150200.6.16.1 * slurm_20_11-node-20.11.9-150200.6.16.1 * slurm_20_11-doc-20.11.9-150200.6.16.1 * slurm_20_11-pam_slurm-20.11.9-150200.6.16.1 * slurm_20_11-slurmdbd-20.11.9-150200.6.16.1 * slurm_20_11-torque-20.11.9-150200.6.16.1 * perl-slurm_20_11-20.11.9-150200.6.16.1 * libnss_slurm2_20_11-20.11.9-150200.6.16.1 * slurm_20_11-devel-20.11.9-150200.6.16.1 * slurm_20_11-sview-20.11.9-150200.6.16.1 * slurm_20_11-config-20.11.9-150200.6.16.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://www.suse.com/security/cve/CVE-2023-49933.html * https://www.suse.com/security/cve/CVE-2023-49936.html * https://www.suse.com/security/cve/CVE-2023-49937.html * https://www.suse.com/security/cve/CVE-2023-49938.html * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 * https://bugzilla.suse.com/show_bug.cgi?id=1217711 * https://bugzilla.suse.com/show_bug.cgi?id=1218046 * https://bugzilla.suse.com/show_bug.cgi?id=1218050 * https://bugzilla.suse.com/show_bug.cgi?id=1218051 * https://bugzilla.suse.com/show_bug.cgi?id=1218053

1 0

SUSE-SU-2024:0264-1: moderate: Security update for xen
by OPENSUSE-SECURITY-UPDATES 31 Jan '24

31 Jan '24

# Security update for xen Announcement ID: SUSE-SU-2024:0264-1 Rating: moderate References: * bsc#1218851 Cross-References: * CVE-2023-46839 CVSS scores: * CVE-2023-46839 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-264=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-264=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-264=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-264=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-264=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-264=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-264=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-264=1 ## Package List: * openSUSE Leap 15.3 (aarch64 x86_64 i586) * xen-tools-domU-debuginfo-4.14.6_10-150300.3.63.1 * xen-libs-4.14.6_10-150300.3.63.1 * xen-tools-domU-4.14.6_10-150300.3.63.1 * xen-debugsource-4.14.6_10-150300.3.63.1 * xen-devel-4.14.6_10-150300.3.63.1 * xen-libs-debuginfo-4.14.6_10-150300.3.63.1 * openSUSE Leap 15.3 (x86_64) * xen-libs-32bit-debuginfo-4.14.6_10-150300.3.63.1 * xen-libs-32bit-4.14.6_10-150300.3.63.1 * openSUSE Leap 15.3 (aarch64 x86_64) * xen-tools-4.14.6_10-150300.3.63.1 * xen-tools-debuginfo-4.14.6_10-150300.3.63.1 * xen-doc-html-4.14.6_10-150300.3.63.1 * xen-4.14.6_10-150300.3.63.1 * openSUSE Leap 15.3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_10-150300.3.63.1 * openSUSE Leap 15.3 (aarch64_ilp32) * xen-libs-64bit-debuginfo-4.14.6_10-150300.3.63.1 * xen-libs-64bit-4.14.6_10-150300.3.63.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * xen-tools-domU-debuginfo-4.14.6_10-150300.3.63.1 * xen-libs-4.14.6_10-150300.3.63.1 * xen-tools-4.14.6_10-150300.3.63.1 * xen-tools-domU-4.14.6_10-150300.3.63.1 * xen-debugsource-4.14.6_10-150300.3.63.1 * xen-4.14.6_10-150300.3.63.1 * xen-devel-4.14.6_10-150300.3.63.1 * xen-libs-debuginfo-4.14.6_10-150300.3.63.1 * xen-tools-debuginfo-4.14.6_10-150300.3.63.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_10-150300.3.63.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * xen-tools-domU-debuginfo-4.14.6_10-150300.3.63.1 * xen-libs-4.14.6_10-150300.3.63.1 * xen-tools-4.14.6_10-150300.3.63.1 * xen-tools-domU-4.14.6_10-150300.3.63.1 * xen-debugsource-4.14.6_10-150300.3.63.1 * xen-4.14.6_10-150300.3.63.1 * xen-devel-4.14.6_10-150300.3.63.1 * xen-libs-debuginfo-4.14.6_10-150300.3.63.1 * xen-tools-debuginfo-4.14.6_10-150300.3.63.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_10-150300.3.63.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * xen-tools-domU-debuginfo-4.14.6_10-150300.3.63.1 * xen-libs-4.14.6_10-150300.3.63.1 * xen-tools-4.14.6_10-150300.3.63.1 * xen-tools-domU-4.14.6_10-150300.3.63.1 * xen-debugsource-4.14.6_10-150300.3.63.1 * xen-4.14.6_10-150300.3.63.1 * xen-devel-4.14.6_10-150300.3.63.1 * xen-libs-debuginfo-4.14.6_10-150300.3.63.1 * xen-tools-debuginfo-4.14.6_10-150300.3.63.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_10-150300.3.63.1 * SUSE Enterprise Storage 7.1 (x86_64) * xen-tools-domU-debuginfo-4.14.6_10-150300.3.63.1 * xen-libs-4.14.6_10-150300.3.63.1 * xen-tools-4.14.6_10-150300.3.63.1 * xen-tools-domU-4.14.6_10-150300.3.63.1 * xen-debugsource-4.14.6_10-150300.3.63.1 * xen-4.14.6_10-150300.3.63.1 * xen-devel-4.14.6_10-150300.3.63.1 * xen-libs-debuginfo-4.14.6_10-150300.3.63.1 * xen-tools-debuginfo-4.14.6_10-150300.3.63.1 * SUSE Enterprise Storage 7.1 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_10-150300.3.63.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * xen-libs-4.14.6_10-150300.3.63.1 * xen-debugsource-4.14.6_10-150300.3.63.1 * xen-libs-debuginfo-4.14.6_10-150300.3.63.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * xen-libs-4.14.6_10-150300.3.63.1 * xen-debugsource-4.14.6_10-150300.3.63.1 * xen-libs-debuginfo-4.14.6_10-150300.3.63.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * xen-libs-4.14.6_10-150300.3.63.1 * xen-debugsource-4.14.6_10-150300.3.63.1 * xen-libs-debuginfo-4.14.6_10-150300.3.63.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46839.html * https://bugzilla.suse.com/show_bug.cgi?id=1218851

1 0

SUSE-SU-2024:0278-1: important: Security update for slurm_20_02
by OPENSUSE-SECURITY-UPDATES 31 Jan '24

31 Jan '24

# Security update for slurm_20_02 Announcement ID: SUSE-SU-2024:0278-1 Rating: important References: * bsc#1216869 * bsc#1218046 * bsc#1218050 * bsc#1218051 * bsc#1218053 Cross-References: * CVE-2023-49933 * CVE-2023-49936 * CVE-2023-49937 * CVE-2023-49938 CVSS scores: * CVE-2023-49933 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49933 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49936 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49936 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-49937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49937 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-49938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-49938 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Affected Products: * openSUSE Leap 15.5 An update that solves four vulnerabilities and has one security fix can now be installed. ## Description: This update for slurm_20_02 fixes the following issues: Security fixes: * CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046) * CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050) * CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051) * CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053) Other fixes: * Fix slurm upgrading to incompatible versions (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-278=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * slurm_20_02-node-20.02.7-150100.3.30.1 * libpmi0_20_02-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-munge-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-slurmdbd-20.02.7-150100.3.30.1 * slurm_20_02-lua-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-auth-none-20.02.7-150100.3.30.1 * slurm_20_02-sjstat-20.02.7-150100.3.30.1 * slurm_20_02-config-20.02.7-150100.3.30.1 * slurm_20_02-node-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-pam_slurm-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-cray-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-debugsource-20.02.7-150100.3.30.1 * slurm_20_02-testsuite-20.02.7-150100.3.30.1 * slurm_20_02-hdf5-20.02.7-150100.3.30.1 * slurm_20_02-sview-20.02.7-150100.3.30.1 * slurm_20_02-seff-20.02.7-150100.3.30.1 * perl-slurm_20_02-20.02.7-150100.3.30.1 * slurm_20_02-pam_slurm-20.02.7-150100.3.30.1 * slurm_20_02-sview-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-sql-20.02.7-150100.3.30.1 * slurm_20_02-slurmdbd-debuginfo-20.02.7-150100.3.30.1 * libpmi0_20_02-20.02.7-150100.3.30.1 * slurm_20_02-torque-20.02.7-150100.3.30.1 * perl-slurm_20_02-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-lua-20.02.7-150100.3.30.1 * slurm_20_02-devel-20.02.7-150100.3.30.1 * slurm_20_02-munge-20.02.7-150100.3.30.1 * slurm_20_02-plugins-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-20.02.7-150100.3.30.1 * slurm_20_02-cray-20.02.7-150100.3.30.1 * slurm_20_02-auth-none-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-rest-20.02.7-150100.3.30.1 * slurm_20_02-webdoc-20.02.7-150100.3.30.1 * libnss_slurm2_20_02-20.02.7-150100.3.30.1 * slurm_20_02-openlava-20.02.7-150100.3.30.1 * slurm_20_02-torque-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-config-man-20.02.7-150100.3.30.1 * slurm_20_02-doc-20.02.7-150100.3.30.1 * slurm_20_02-plugins-20.02.7-150100.3.30.1 * libnss_slurm2_20_02-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-sql-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-rest-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-debuginfo-20.02.7-150100.3.30.1 * slurm_20_02-hdf5-debuginfo-20.02.7-150100.3.30.1 ## References: * https://www.suse.com/security/cve/CVE-2023-49933.html * https://www.suse.com/security/cve/CVE-2023-49936.html * https://www.suse.com/security/cve/CVE-2023-49937.html * https://www.suse.com/security/cve/CVE-2023-49938.html * https://bugzilla.suse.com/show_bug.cgi?id=1216869 * https://bugzilla.suse.com/show_bug.cgi?id=1218046 * https://bugzilla.suse.com/show_bug.cgi?id=1218050 * https://bugzilla.suse.com/show_bug.cgi?id=1218051 * https://bugzilla.suse.com/show_bug.cgi?id=1218053

1 0

SUSE-SU-2024:0279-1: important: Security update for slurm
by OPENSUSE-SECURITY-UPDATES 31 Jan '24

31 Jan '24

# Security update for slurm Announcement ID: SUSE-SU-2024:0279-1 Rating: important References: * bsc#1216207 * bsc#1216869 * bsc#1217711 * bsc#1218046 * bsc#1218050 * bsc#1218051 * bsc#1218053 Cross-References: * CVE-2023-41914 * CVE-2023-49933 * CVE-2023-49936 * CVE-2023-49937 * CVE-2023-49938 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-49933 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49933 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49936 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49936 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-49937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49937 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-49938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-49938 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 An update that solves five vulnerabilities and has two security fixes can now be installed. ## Description: This update for slurm fixes the following issues: Security fixes: * CVE-2023-41914: Prevent filesystem race conditions that could let an attacker take control of an arbitrary file, or remove entire directories' contents. (bsc#1216207) * CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046) * CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050) * CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051) * CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053) Other fixes: * Add missing service file for slurmrestd (bsc#1217711). * Fix slurm upgrading to incompatible versions (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-279=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-279=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le x86_64) * slurm-debugsource-20.11.9-150300.4.12.1 * slurm-sql-debuginfo-20.11.9-150300.4.12.1 * slurm-config-man-20.11.9-150300.4.12.1 * slurm-sql-20.11.9-150300.4.12.1 * slurm-node-20.11.9-150300.4.12.1 * slurm-lua-20.11.9-150300.4.12.1 * slurm-torque-20.11.9-150300.4.12.1 * libnss_slurm2-debuginfo-20.11.9-150300.4.12.1 * slurm-doc-20.11.9-150300.4.12.1 * slurm-munge-debuginfo-20.11.9-150300.4.12.1 * libpmi0-20.11.9-150300.4.12.1 * slurm-slurmdbd-debuginfo-20.11.9-150300.4.12.1 * slurm-hdf5-20.11.9-150300.4.12.1 * slurm-devel-20.11.9-150300.4.12.1 * slurm-rest-20.11.9-150300.4.12.1 * slurm-hdf5-debuginfo-20.11.9-150300.4.12.1 * slurm-pam_slurm-debuginfo-20.11.9-150300.4.12.1 * slurm-rest-debuginfo-20.11.9-150300.4.12.1 * slurm-cray-20.11.9-150300.4.12.1 * slurm-seff-20.11.9-150300.4.12.1 * slurm-sview-debuginfo-20.11.9-150300.4.12.1 * slurm-plugins-20.11.9-150300.4.12.1 * perl-slurm-debuginfo-20.11.9-150300.4.12.1 * slurm-20.11.9-150300.4.12.1 * slurm-config-20.11.9-150300.4.12.1 * slurm-openlava-20.11.9-150300.4.12.1 * slurm-pam_slurm-20.11.9-150300.4.12.1 * slurm-auth-none-20.11.9-150300.4.12.1 * slurm-munge-20.11.9-150300.4.12.1 * slurm-webdoc-20.11.9-150300.4.12.1 * slurm-debuginfo-20.11.9-150300.4.12.1 * slurm-sjstat-20.11.9-150300.4.12.1 * slurm-lua-debuginfo-20.11.9-150300.4.12.1 * slurm-plugins-debuginfo-20.11.9-150300.4.12.1 * slurm-cray-debuginfo-20.11.9-150300.4.12.1 * slurm-node-debuginfo-20.11.9-150300.4.12.1 * libslurm36-debuginfo-20.11.9-150300.4.12.1 * slurm-sview-20.11.9-150300.4.12.1 * perl-slurm-20.11.9-150300.4.12.1 * libslurm36-20.11.9-150300.4.12.1 * libpmi0-debuginfo-20.11.9-150300.4.12.1 * slurm-testsuite-20.11.9-150300.4.12.1 * slurm-torque-debuginfo-20.11.9-150300.4.12.1 * slurm-auth-none-debuginfo-20.11.9-150300.4.12.1 * libnss_slurm2-20.11.9-150300.4.12.1 * slurm-slurmdbd-20.11.9-150300.4.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * slurm-debugsource-20.11.9-150300.4.12.1 * slurm-sql-debuginfo-20.11.9-150300.4.12.1 * slurm-config-man-20.11.9-150300.4.12.1 * slurm-sql-20.11.9-150300.4.12.1 * slurm-node-20.11.9-150300.4.12.1 * slurm-lua-20.11.9-150300.4.12.1 * slurm-torque-20.11.9-150300.4.12.1 * libnss_slurm2-debuginfo-20.11.9-150300.4.12.1 * slurm-doc-20.11.9-150300.4.12.1 * slurm-munge-debuginfo-20.11.9-150300.4.12.1 * libpmi0-20.11.9-150300.4.12.1 * slurm-slurmdbd-debuginfo-20.11.9-150300.4.12.1 * slurm-rest-20.11.9-150300.4.12.1 * slurm-devel-20.11.9-150300.4.12.1 * slurm-pam_slurm-debuginfo-20.11.9-150300.4.12.1 * slurm-rest-debuginfo-20.11.9-150300.4.12.1 * slurm-sview-debuginfo-20.11.9-150300.4.12.1 * slurm-plugins-20.11.9-150300.4.12.1 * perl-slurm-debuginfo-20.11.9-150300.4.12.1 * slurm-20.11.9-150300.4.12.1 * slurm-config-20.11.9-150300.4.12.1 * slurm-pam_slurm-20.11.9-150300.4.12.1 * slurm-auth-none-20.11.9-150300.4.12.1 * slurm-munge-20.11.9-150300.4.12.1 * slurm-webdoc-20.11.9-150300.4.12.1 * slurm-debuginfo-20.11.9-150300.4.12.1 * slurm-lua-debuginfo-20.11.9-150300.4.12.1 * slurm-plugins-debuginfo-20.11.9-150300.4.12.1 * slurm-node-debuginfo-20.11.9-150300.4.12.1 * slurm-sview-20.11.9-150300.4.12.1 * libslurm36-debuginfo-20.11.9-150300.4.12.1 * perl-slurm-20.11.9-150300.4.12.1 * libslurm36-20.11.9-150300.4.12.1 * libpmi0-debuginfo-20.11.9-150300.4.12.1 * slurm-torque-debuginfo-20.11.9-150300.4.12.1 * slurm-auth-none-debuginfo-20.11.9-150300.4.12.1 * libnss_slurm2-20.11.9-150300.4.12.1 * slurm-slurmdbd-20.11.9-150300.4.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://www.suse.com/security/cve/CVE-2023-49933.html * https://www.suse.com/security/cve/CVE-2023-49936.html * https://www.suse.com/security/cve/CVE-2023-49937.html * https://www.suse.com/security/cve/CVE-2023-49938.html * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 * https://bugzilla.suse.com/show_bug.cgi?id=1217711 * https://bugzilla.suse.com/show_bug.cgi?id=1218046 * https://bugzilla.suse.com/show_bug.cgi?id=1218050 * https://bugzilla.suse.com/show_bug.cgi?id=1218051 * https://bugzilla.suse.com/show_bug.cgi?id=1218053

1 0

SUSE-SU-2024:0280-1: important: Security update for slurm_23_02
by OPENSUSE-SECURITY-UPDATES 31 Jan '24

31 Jan '24

# Security update for slurm_23_02 Announcement ID: SUSE-SU-2024:0280-1 Rating: important References: * bsc#1216869 * bsc#1217711 * bsc#1218046 * bsc#1218049 * bsc#1218050 * bsc#1218051 * bsc#1218053 Cross-References: * CVE-2023-49933 * CVE-2023-49935 * CVE-2023-49936 * CVE-2023-49937 * CVE-2023-49938 CVSS scores: * CVE-2023-49933 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49933 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49935 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-49935 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-49936 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49936 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-49937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49937 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-49938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-49938 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 An update that solves five vulnerabilities and has two security fixes can now be installed. ## Description: This update for slurm_23_02 fixes the following issues: Update to slurm 23.02.6: Security fixes: * CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046) * CVE-2023-49935: Prevent message hash bypass in slurmd which can allow an attacker to reuse root-level MUNGE tokens and escalate permissions. (bsc#1218049) * CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050) * CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051) * CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053) Other fixes: * Add missing service file for slurmrestd (bsc#1217711). * Fix slurm upgrading to incompatible versions (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-280=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-280=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-280=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-280=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * slurm_23_02-slurmdbd-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-plugins-23.02.7-150300.7.17.1 * slurm_23_02-torque-23.02.7-150300.7.17.1 * libnss_slurm2_23_02-23.02.7-150300.7.17.1 * slurm_23_02-sview-23.02.7-150300.7.17.1 * slurm_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-auth-none-23.02.7-150300.7.17.1 * slurm_23_02-23.02.7-150300.7.17.1 * slurm_23_02-rest-23.02.7-150300.7.17.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.7-150300.7.17.1 * slurm_23_02-pam_slurm-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-lua-23.02.7-150300.7.17.1 * perl-slurm_23_02-23.02.7-150300.7.17.1 * slurm_23_02-munge-debuginfo-23.02.7-150300.7.17.1 * libslurm39-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-debugsource-23.02.7-150300.7.17.1 * slurm_23_02-sview-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-devel-23.02.7-150300.7.17.1 * slurm_23_02-pam_slurm-23.02.7-150300.7.17.1 * slurm_23_02-rest-debuginfo-23.02.7-150300.7.17.1 * perl-slurm_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-sql-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-munge-23.02.7-150300.7.17.1 * slurm_23_02-node-23.02.7-150300.7.17.1 * libslurm39-23.02.7-150300.7.17.1 * slurm_23_02-cray-23.02.7-150300.7.17.1 * slurm_23_02-node-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-slurmdbd-23.02.7-150300.7.17.1 * slurm_23_02-torque-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-lua-debuginfo-23.02.7-150300.7.17.1 * libpmi0_23_02-23.02.7-150300.7.17.1 * libnss_slurm2_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-cray-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-sql-23.02.7-150300.7.17.1 * slurm_23_02-auth-none-debuginfo-23.02.7-150300.7.17.1 * libpmi0_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-plugins-debuginfo-23.02.7-150300.7.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * slurm_23_02-doc-23.02.7-150300.7.17.1 * slurm_23_02-config-23.02.7-150300.7.17.1 * slurm_23_02-webdoc-23.02.7-150300.7.17.1 * slurm_23_02-config-man-23.02.7-150300.7.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * slurm_23_02-slurmdbd-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-plugins-23.02.7-150300.7.17.1 * slurm_23_02-torque-23.02.7-150300.7.17.1 * libnss_slurm2_23_02-23.02.7-150300.7.17.1 * slurm_23_02-sview-23.02.7-150300.7.17.1 * slurm_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-auth-none-23.02.7-150300.7.17.1 * slurm_23_02-23.02.7-150300.7.17.1 * slurm_23_02-rest-23.02.7-150300.7.17.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.7-150300.7.17.1 * slurm_23_02-pam_slurm-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-lua-23.02.7-150300.7.17.1 * perl-slurm_23_02-23.02.7-150300.7.17.1 * slurm_23_02-munge-debuginfo-23.02.7-150300.7.17.1 * libslurm39-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-debugsource-23.02.7-150300.7.17.1 * slurm_23_02-sview-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-devel-23.02.7-150300.7.17.1 * slurm_23_02-pam_slurm-23.02.7-150300.7.17.1 * slurm_23_02-rest-debuginfo-23.02.7-150300.7.17.1 * perl-slurm_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-sql-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-munge-23.02.7-150300.7.17.1 * slurm_23_02-node-23.02.7-150300.7.17.1 * libslurm39-23.02.7-150300.7.17.1 * slurm_23_02-cray-23.02.7-150300.7.17.1 * slurm_23_02-node-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-slurmdbd-23.02.7-150300.7.17.1 * slurm_23_02-torque-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-lua-debuginfo-23.02.7-150300.7.17.1 * libpmi0_23_02-23.02.7-150300.7.17.1 * libnss_slurm2_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-cray-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-sql-23.02.7-150300.7.17.1 * slurm_23_02-auth-none-debuginfo-23.02.7-150300.7.17.1 * libpmi0_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-plugins-debuginfo-23.02.7-150300.7.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * slurm_23_02-doc-23.02.7-150300.7.17.1 * slurm_23_02-config-23.02.7-150300.7.17.1 * slurm_23_02-webdoc-23.02.7-150300.7.17.1 * slurm_23_02-config-man-23.02.7-150300.7.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * slurm_23_02-slurmdbd-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-plugins-23.02.7-150300.7.17.1 * slurm_23_02-torque-23.02.7-150300.7.17.1 * libnss_slurm2_23_02-23.02.7-150300.7.17.1 * slurm_23_02-sview-23.02.7-150300.7.17.1 * slurm_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-auth-none-23.02.7-150300.7.17.1 * slurm_23_02-23.02.7-150300.7.17.1 * slurm_23_02-rest-23.02.7-150300.7.17.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.7-150300.7.17.1 * slurm_23_02-pam_slurm-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-lua-23.02.7-150300.7.17.1 * perl-slurm_23_02-23.02.7-150300.7.17.1 * slurm_23_02-munge-debuginfo-23.02.7-150300.7.17.1 * libslurm39-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-debugsource-23.02.7-150300.7.17.1 * slurm_23_02-sview-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-devel-23.02.7-150300.7.17.1 * slurm_23_02-pam_slurm-23.02.7-150300.7.17.1 * slurm_23_02-rest-debuginfo-23.02.7-150300.7.17.1 * perl-slurm_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-sql-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-munge-23.02.7-150300.7.17.1 * slurm_23_02-node-23.02.7-150300.7.17.1 * libslurm39-23.02.7-150300.7.17.1 * slurm_23_02-cray-23.02.7-150300.7.17.1 * slurm_23_02-node-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-slurmdbd-23.02.7-150300.7.17.1 * slurm_23_02-torque-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-lua-debuginfo-23.02.7-150300.7.17.1 * libpmi0_23_02-23.02.7-150300.7.17.1 * libnss_slurm2_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-cray-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-sql-23.02.7-150300.7.17.1 * slurm_23_02-auth-none-debuginfo-23.02.7-150300.7.17.1 * libpmi0_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-plugins-debuginfo-23.02.7-150300.7.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * slurm_23_02-doc-23.02.7-150300.7.17.1 * slurm_23_02-config-23.02.7-150300.7.17.1 * slurm_23_02-webdoc-23.02.7-150300.7.17.1 * slurm_23_02-config-man-23.02.7-150300.7.17.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * slurm_23_02-slurmdbd-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-plugins-23.02.7-150300.7.17.1 * slurm_23_02-hdf5-23.02.7-150300.7.17.1 * slurm_23_02-torque-23.02.7-150300.7.17.1 * libnss_slurm2_23_02-23.02.7-150300.7.17.1 * slurm_23_02-sview-23.02.7-150300.7.17.1 * slurm_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-auth-none-23.02.7-150300.7.17.1 * slurm_23_02-23.02.7-150300.7.17.1 * slurm_23_02-rest-23.02.7-150300.7.17.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.7-150300.7.17.1 * slurm_23_02-pam_slurm-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-lua-23.02.7-150300.7.17.1 * perl-slurm_23_02-23.02.7-150300.7.17.1 * slurm_23_02-munge-debuginfo-23.02.7-150300.7.17.1 * libslurm39-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-hdf5-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-debugsource-23.02.7-150300.7.17.1 * slurm_23_02-sview-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-devel-23.02.7-150300.7.17.1 * slurm_23_02-pam_slurm-23.02.7-150300.7.17.1 * slurm_23_02-rest-debuginfo-23.02.7-150300.7.17.1 * perl-slurm_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-sql-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-munge-23.02.7-150300.7.17.1 * slurm_23_02-node-23.02.7-150300.7.17.1 * libslurm39-23.02.7-150300.7.17.1 * slurm_23_02-cray-23.02.7-150300.7.17.1 * slurm_23_02-node-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-slurmdbd-23.02.7-150300.7.17.1 * slurm_23_02-testsuite-23.02.7-150300.7.17.1 * slurm_23_02-lua-debuginfo-23.02.7-150300.7.17.1 * libpmi0_23_02-23.02.7-150300.7.17.1 * slurm_23_02-torque-debuginfo-23.02.7-150300.7.17.1 * libnss_slurm2_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-cray-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-sql-23.02.7-150300.7.17.1 * slurm_23_02-auth-none-debuginfo-23.02.7-150300.7.17.1 * libpmi0_23_02-debuginfo-23.02.7-150300.7.17.1 * slurm_23_02-plugins-debuginfo-23.02.7-150300.7.17.1 * openSUSE Leap 15.3 (noarch) * slurm_23_02-config-23.02.7-150300.7.17.1 * slurm_23_02-seff-23.02.7-150300.7.17.1 * slurm_23_02-sjstat-23.02.7-150300.7.17.1 * slurm_23_02-openlava-23.02.7-150300.7.17.1 * slurm_23_02-webdoc-23.02.7-150300.7.17.1 * slurm_23_02-config-man-23.02.7-150300.7.17.1 * slurm_23_02-doc-23.02.7-150300.7.17.1 ## References: * https://www.suse.com/security/cve/CVE-2023-49933.html * https://www.suse.com/security/cve/CVE-2023-49935.html * https://www.suse.com/security/cve/CVE-2023-49936.html * https://www.suse.com/security/cve/CVE-2023-49937.html * https://www.suse.com/security/cve/CVE-2023-49938.html * https://bugzilla.suse.com/show_bug.cgi?id=1216869 * https://bugzilla.suse.com/show_bug.cgi?id=1217711 * https://bugzilla.suse.com/show_bug.cgi?id=1218046 * https://bugzilla.suse.com/show_bug.cgi?id=1218049 * https://bugzilla.suse.com/show_bug.cgi?id=1218050 * https://bugzilla.suse.com/show_bug.cgi?id=1218051 * https://bugzilla.suse.com/show_bug.cgi?id=1218053

1 0

SUSE-SU-2024:0268-1: moderate: Security update for xen
by OPENSUSE-SECURITY-UPDATES 30 Jan '24

30 Jan '24

# Security update for xen Announcement ID: SUSE-SU-2024:0268-1 Rating: moderate References: * bsc#1218851 Cross-References: * CVE-2023-46839 CVSS scores: * CVE-2023-46839 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-268=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-268=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-268=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-268=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-268=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-268=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2024-268=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-268=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-268=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2024-268=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2024-268=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-268=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-268=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-268=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-268=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * xen-4.16.5_12-150400.4.46.1 * xen-tools-4.16.5_12-150400.4.46.1 * xen-tools-debuginfo-4.16.5_12-150400.4.46.1 * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-tools-domU-debuginfo-4.16.5_12-150400.4.46.1 * xen-devel-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * xen-tools-domU-4.16.5_12-150400.4.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_12-150400.4.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * xen-4.16.5_12-150400.4.46.1 * xen-tools-4.16.5_12-150400.4.46.1 * xen-tools-debuginfo-4.16.5_12-150400.4.46.1 * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-tools-domU-debuginfo-4.16.5_12-150400.4.46.1 * xen-devel-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * xen-tools-domU-4.16.5_12-150400.4.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_12-150400.4.46.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-tools-domU-debuginfo-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * xen-tools-domU-4.16.5_12-150400.4.46.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (x86_64) * xen-4.16.5_12-150400.4.46.1 * xen-tools-4.16.5_12-150400.4.46.1 * xen-tools-debuginfo-4.16.5_12-150400.4.46.1 * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-tools-domU-debuginfo-4.16.5_12-150400.4.46.1 * xen-devel-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * xen-tools-domU-4.16.5_12-150400.4.46.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_12-150400.4.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * xen-4.16.5_12-150400.4.46.1 * xen-tools-4.16.5_12-150400.4.46.1 * xen-tools-debuginfo-4.16.5_12-150400.4.46.1 * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-tools-domU-debuginfo-4.16.5_12-150400.4.46.1 * xen-devel-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * xen-tools-domU-4.16.5_12-150400.4.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_12-150400.4.46.1 * SUSE Manager Proxy 4.3 (x86_64) * xen-4.16.5_12-150400.4.46.1 * xen-tools-4.16.5_12-150400.4.46.1 * xen-tools-debuginfo-4.16.5_12-150400.4.46.1 * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-tools-domU-debuginfo-4.16.5_12-150400.4.46.1 * xen-devel-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * xen-tools-domU-4.16.5_12-150400.4.46.1 * SUSE Manager Proxy 4.3 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_12-150400.4.46.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * xen-4.16.5_12-150400.4.46.1 * xen-tools-4.16.5_12-150400.4.46.1 * xen-tools-debuginfo-4.16.5_12-150400.4.46.1 * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-tools-domU-debuginfo-4.16.5_12-150400.4.46.1 * xen-devel-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * xen-tools-domU-4.16.5_12-150400.4.46.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_12-150400.4.46.1 * SUSE Manager Server 4.3 (x86_64) * xen-4.16.5_12-150400.4.46.1 * xen-tools-4.16.5_12-150400.4.46.1 * xen-tools-debuginfo-4.16.5_12-150400.4.46.1 * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-tools-domU-debuginfo-4.16.5_12-150400.4.46.1 * xen-devel-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * xen-tools-domU-4.16.5_12-150400.4.46.1 * SUSE Manager Server 4.3 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_12-150400.4.46.1 * openSUSE Leap 15.4 (aarch64 x86_64 i586) * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-tools-domU-debuginfo-4.16.5_12-150400.4.46.1 * xen-devel-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * xen-tools-domU-4.16.5_12-150400.4.46.1 * openSUSE Leap 15.4 (x86_64) * xen-libs-32bit-4.16.5_12-150400.4.46.1 * xen-libs-32bit-debuginfo-4.16.5_12-150400.4.46.1 * openSUSE Leap 15.4 (aarch64 x86_64) * xen-4.16.5_12-150400.4.46.1 * xen-tools-4.16.5_12-150400.4.46.1 * xen-tools-debuginfo-4.16.5_12-150400.4.46.1 * xen-doc-html-4.16.5_12-150400.4.46.1 * openSUSE Leap 15.4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_12-150400.4.46.1 * openSUSE Leap 15.4 (aarch64_ilp32) * xen-libs-64bit-debuginfo-4.16.5_12-150400.4.46.1 * xen-libs-64bit-4.16.5_12-150400.4.46.1 * openSUSE Leap Micro 5.3 (x86_64) * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * openSUSE Leap Micro 5.4 (x86_64) * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * xen-debugsource-4.16.5_12-150400.4.46.1 * xen-libs-4.16.5_12-150400.4.46.1 * xen-libs-debuginfo-4.16.5_12-150400.4.46.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46839.html * https://bugzilla.suse.com/show_bug.cgi?id=1218851

1 0