[slurm-users] Slurm versions 20.11.7 and 20.02.7 are now available (CVE-2021-31215)

Tim Wickberg

May 12, 2021, 4:43:12 PM
to slurm-a...@schedmd.com, slurm...@schedmd.com
Slurm versions 20.11.7 and 20.02.7 are now available, and include a
series of recent bug fixes, as well as a critical security fix.

SchedMD customers were informed of this issue on April 28th and provided
a fix on request; this process is documented in our security policy. [1]

CVE-2021-31215:
An issue was identified with environment handling within Slurm that can
allow any user to run arbitrary commands as SlurmUser if the
installation uses a PrologSlurmctld and/or EpilogSlurmctld script.

Downloads are available at https://www.schedmd.com/downloads.php .

Release notes follow below.

- Tim

[1] https://www.schedmd.com/security.php

--
Tim Wickberg
Chief Technology Officer, SchedMD LLC
Commercial Slurm Development and Support

> * Changes in Slurm 20.11.7
> ==========================
> -- slurmd - handle configless failures gracefully instead of hanging
> indefinitely.
> -- select/cons_tres - fix Dragonfly topology not selecting nodes in the same
> leaf switch when it should as well as requests with --switches option.
> -- Fix issue where certain step requests wouldn't run if the first node in the
> job allocation was full and there were idle resources on other nodes in
> the job allocation.
> -- Fix deadlock issue with <Prolog|Epilog>Slurmctld.
> -- torque/qstat - fix printf error message in output.
> -- When adding associations or wckeys avoid checking multiple times a user or
> cluster name.
> -- Fix wrong jobacctgather information on a step on multiple nodes
> due to timeouts sending the information gathered on its node.
> -- Fix missing xstrdup which could result in slurmctld segfault on array jobs.
> -- Fix security issue in PrologSlurmctld and EpilogSlurmctld by always
> prepending SPANK_ to all user-set environment variables. CVE-2021-31215.

> * Changes in Slurm 20.02.7
> ==========================
> -- cons_tres - Fix DefCpuPerGPU
> -- select/cray_aries - Correctly remove jobs/steps from blades using NPC.
> -- Fix false positive oom-kill events on extern step termination when
> jobacct_gather/cgroup configured.
> -- Ensure SPANK prolog and epilog run without an explicit PlugStackConfig.
> -- Fix missing xstrdup which could result in slurmctld segfault on array jobs.
> -- Fix security issue in PrologSlurmctld and EpilogSlurmctld by always
> prepending SPANK_ to all user-set environment variables. CVE-2021-31215.
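
A site-side check for the condition the announcement describes, as an added example that is not SchedMD's code or part of the original message: it reads `scontrol show config` output and reports whether a PrologSlurmctld or EpilogSlurmctld script is configured on a release older than 20.11.7 or 20.02.7. The sample input is constructed, and the handling of other release branches and of the `(null)` value are assumptions marked in the comments.

```python
import re
import sys

# Releases the announcement names as carrying the fix, keyed by branch.
FIXED = {(20, 2): (20, 2, 7), (20, 11): (20, 11, 7)}
HOOKS = ("PrologSlurmctld", "EpilogSlurmctld")

# Constructed sample in the "Key = value" layout of `scontrol show config`.
SAMPLE = """\
Configuration data as of 2021-05-12T16:43:12
EpilogSlurmctld         = (null)
PrologSlurmctld         = /etc/slurm/prolog_ctld.sh
SLURM_VERSION           = 20.11.5
SchedulerParameters     = bf_max_job_test=100
"""

def parse_config(text):
    """Map each 'Key = value' line to a dict entry, splitting on the first '='."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg

def has_fix(version):
    """True if the version is at or past the fixed release of its branch."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Slurm version: {version!r}")
    v = tuple(int(part) for part in m.groups())
    if v[:2] in FIXED:
        return v >= FIXED[v[:2]]
    # Assumption: branches after 20.11 include the fix; older branches have
    # no fixed release in this announcement, so they count as unfixed.
    return v[:2] > (20, 11)

def assess(text):
    """Return (status, hooks) for one cluster's configuration dump."""
    cfg = parse_config(text)
    # Assumption: an unset script is reported as "(null)" or left empty.
    hooks = [h for h in HOOKS if cfg.get(h, "(null)") not in ("", "(null)")]
    if has_fix(cfg["SLURM_VERSION"]):
        return "patched", hooks
    return ("exposed" if hooks else "unpatched, no ctld scripts"), hooks

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(assess(text))
```

Pipe the controller's live configuration into the script (`scontrol show config | python3` followed by the file name you saved it under) to assess a real cluster instead of the sample.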
