openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:0288-1)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.833848

Kategorie: openSUSE Local Security Checks

Titel: openSUSE Security Advisory (SUSE-SU-2024:0288-1)

Zusammenfassung: The remote host is missing an update for the 'slurm_20_11' package(s) announced via the SUSE-SU-2024:0288-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'slurm_20_11' package(s) announced via the SUSE-SU-2024:0288-1 advisory.

Vulnerability Insight:
- CVE-2023-41914: Prevent filesystem race conditions that could let an attacker take control of an arbitrary file, or remove entire directories' contents. (bsc#1216207)
- CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
- CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050)
- CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051)
- CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053)

Other fixes:

- Add missing service file for slurmrestd (bsc#1217711).
- Fix slurm upgrading to incompatible versions (bsc#1216869).

Affected Software/OS:
'slurm_20_11' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2023-41914
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWKTCYZT3DXEH66QXQJYB7NI7ONDRS4M/
https://schedmd.com/security.php
Common Vulnerability Exposure (CVE) ID: CVE-2023-49933
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/
https://www.schedmd.com/security-archive.php
Common Vulnerability Exposure (CVE) ID: CVE-2023-49936
https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-49937
Common Vulnerability Exposure (CVE) ID: CVE-2023-49938

Copyright Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.833848
Kategorie:	openSUSE Local Security Checks
Titel:	openSUSE Security Advisory (SUSE-SU-2024:0288-1)
Zusammenfassung:	The remote host is missing an update for the 'slurm_20_11' package(s) announced via the SUSE-SU-2024:0288-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'slurm_20_11' package(s) announced via the SUSE-SU-2024:0288-1 advisory. Vulnerability Insight: - CVE-2023-41914: Prevent filesystem race conditions that could let an attacker take control of an arbitrary file, or remove entire directories' contents. (bsc#1216207) - CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046) - CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050) - CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051) - CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053) Other fixes: - Add missing service file for slurmrestd (bsc#1217711). - Fix slurm upgrading to incompatible versions (bsc#1216869). Affected Software/OS: 'slurm_20_11' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-41914 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWKTCYZT3DXEH66QXQJYB7NI7ONDRS4M/ https://schedmd.com/security.php Common Vulnerability Exposure (CVE) ID: CVE-2023-49933 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/ https://www.schedmd.com/security-archive.php Common Vulnerability Exposure (CVE) ID: CVE-2023-49936 https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html Common Vulnerability Exposure (CVE) ID: CVE-2023-49937 Common Vulnerability Exposure (CVE) ID: CVE-2023-49938
Copyright	Copyright (C) 2024 Greenbone AG