Slurm versions 20.11.7 and 20.02.7 are now available, and include a series of recent bug fixes, as well as a critical security fix.

SchedMD customers were informed of this issue on April 28th and provided a fix on request; this process is documented in our security policy. [1]

CVE-2021-31215:
An issue was identified with environment handling within Slurm that can allow any user to run arbitrary commands as SlurmUser if the installation uses a PrologSlurmctld and/or EpilogSlurmctld script.
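The fix shipped in both releases (see the release notes below) always prepends SPANK_ to every user-set environment variable before PrologSlurmctld or EpilogSlurmctld run, so a job submission can no longer place a variable of its own choosing into the script's environment. The following Python sketch is an added illustration of that mitigation, not Slurm's code: the daemon/user variable names and values are constructed, and the double-prefix result for a user key already named SPANK_X is this example's reading of "always", not a statement about Slurm's implementation.

```python
"""Constructed illustration of the CVE-2021-31215 mitigation: every user-set
environment variable is namespaced with SPANK_ before a controller-side
Prolog/Epilog script sees it. Not Slurm's own code; names are assumptions."""
from typing import Dict, List, Mapping

USER_PREFIX = "SPANK_"

# Constructed sample data: what the controller sets itself (trusted) and what
# arrived with the job submission (untrusted).
DAEMON_ENV = {"PATH": "/usr/bin:/bin", "SLURM_JOB_ID": "4242"}
USER_ENV = {"PATH": "/tmp/user-bin", "MYAPP_MODE": "debug"}


def merge_env_unsafe(daemon_env: Mapping[str, str],
                     user_env: Mapping[str, str]) -> Dict[str, str]:
    """Pre-fix shape: user-set variables are merged verbatim, so a submission
    can shadow names that the script, or the shell running it, trusts."""
    env = dict(daemon_env)
    env.update(user_env)
    return env


def merge_env_fixed(daemon_env: Mapping[str, str],
                    user_env: Mapping[str, str]) -> Dict[str, str]:
    """Fixed shape: the prefix is prepended unconditionally to every user-set
    name (the release note says "always"), so in this example even a user key
    already called SPANK_X lands as SPANK_SPANK_X, and no daemon-set name can
    be overwritten by user input."""
    env = dict(daemon_env)
    for name, value in user_env.items():
        env[USER_PREFIX + name] = value
    return env


def unprefixed_user_names(env: Mapping[str, str],
                          user_env: Mapping[str, str]) -> List[str]:
    """Audit helper for a script's received environment: user-set names that
    arrived unprefixed carrying the user's value, i.e. names a job could still
    use to steer the script. Expected to be empty on a patched controller."""
    return sorted(name for name, value in user_env.items()
                  if env.get(name) == value)


if __name__ == "__main__":
    for label, merge in (("unsafe", merge_env_unsafe), ("fixed", merge_env_fixed)):
        env = merge(DAEMON_ENV, USER_ENV)
        print(f"{label:6s} PATH={env['PATH']!r} "
              f"unprefixed={unprefixed_user_names(env, USER_ENV)}")
```

An administrator can reuse the audit helper inside a Prolog/Epilog test harness by feeding it the environment the script actually received and the job's submitted variables; any non-empty result means user-set names are still reaching the script unprefixed.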

Downloads are available at https://www.schedmd.com/downloads.php .

Release notes follow below.

- Tim

[1] https://www.schedmd.com/security.php

--
Tim Wickberg
Chief Technology Officer, SchedMD LLC
Commercial Slurm Development and Support

* Changes in Slurm 20.11.7
==========================
 -- slurmd - handle configless failures gracefully instead of hanging
    indefinitely.
 -- select/cons_tres - fix Dragonfly topology not selecting nodes in the same
    leaf switch when it should, as well as for requests with the --switches option.
 -- Fix issue where certain step requests wouldn't run if the first node in the
    job allocation was full and there were idle resources on other nodes in
    the job allocation.
 -- Fix deadlock issue with <Prolog|Epilog>Slurmctld.
 -- torque/qstat - fix printf error message in output.
 -- When adding associations or wckeys, avoid checking a user or cluster name
    multiple times.
 -- Fix wrong jobacctgather information on a step on multiple nodes
    due to timeouts sending the information gathered on its node.
 -- Fix missing xstrdup which could result in slurmctld segfault on array jobs.
 -- Fix security issue in PrologSlurmctld and EpilogSlurmctld by always
    prepending SPANK_ to all user-set environment variables. CVE-2021-31215.

* Changes in Slurm 20.02.7
==========================
 -- cons_tres - Fix DefCpuPerGPU
 -- select/cray_aries - Correctly remove jobs/steps from blades using NPC.
 -- Fix false positive oom-kill events on extern step termination when
    jobacct_gather/cgroup configured.
 -- Ensure SPANK prolog and epilog run without an explicit PlugStackConfig.
 -- Fix missing xstrdup which could result in slurmctld segfault on array jobs.
 -- Fix security issue in PrologSlurmctld and EpilogSlurmctld by always
    prepending SPANK_ to all user-set environment variables. CVE-2021-31215.
