| Summary: | slurm new security issues CVE-2022-2950[0-2] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, eatdirt, herman.viaene, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | slurm-21.08.4-2.mga9.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2022-05-05 17:15:14 CEST
David Walser
2022-05-05 17:15:30 CEST
Status comment: (none) => Fixed upstream in 20.11.9 and 21.08.8

Thanks, I'll update all that!

All right, new versions pushed for both mageia 8 and Cauldron.

Suggested advisory:

========================

Updated slurm packages to fix security issues CVE-2022-29500, 29501, 29502. All users are requested to update their package as these issues allow privilege escalation by unauthenticated users.

========================

Updated packages in core/updates_testing:

========================

lib(64)slurm-devel-20.11.9-1.mga8
lib(64)slurm36-20.11.9-1.mga8
slurm-20.11.9-1.mga8
lib(64)slurm-static-devel-20.11.9-1.mga8

Source RPMs:
slurm-20.11.9-1.mga8.src.rpm

Assignee: eatdirt => qa-bugs

Thanks. Advisory should have CVE descriptions, not just vague references to them. Also remember that 29502 does not affect Mageia 8, so it wouldn't be in the advisory.

Whiteboard: MGA8TOO => (none)

Yes, feel free to fix the advisory.

MGA8-64 Plasma on Lenovo B50 in Dutch

No installation issues.

Googling for info found https://support.ceci-hpc.be/doc/_contents/QuickStart/SubmittingJobs/SlurmTutorial.html and https://slurm.schedmd.com/quickstart.html

That inspired me to:

    # sinfo -N -l
    Wed May 11 14:14:59 2022
    slurm_load_partitions: Unable to contact slurm controller (connect failure)
    # systemctl -l status slurmctld
    * slurmctld.service - Slurm controller daemon
         Loaded: loaded (/usr/lib/systemd/system/slurmctld.service; disabled; vendor preset: disabled)
         Active: inactive (dead)
    # systemctl start slurmctld
    # systemctl -l status slurmctld
    * slurmctld.service - Slurm controller daemon
         Loaded: loaded (/usr/lib/systemd/system/slurmctld.service; disabled; vendor preset: disabled)
         Active: active (running) since Wed 2022-05-11 14:19:24 CEST; 4s ago
        Process: 171402 ExecStart=/usr/sbin/slurmctld $SLURMCTLD_OPTIONS (code=exited, status=0/SUCCESS)
       Main PID: 171404 (slurmctld)
          Tasks: 11
         Memory: 1.4M
            CPU: 43ms
         CGroup: /system.slice/slurmctld.service
                 `-171404 /usr/sbin/slurmctld
    mei 11 14:19:24 mach5.hviaene.thuis slurmctld[171404]: error: Could not open trigger state file /var/spool/slurmctld/trigger_state: No such file or directory
    mei 11 14:19:24 mach5.hviaene.thuis slurmctld[171404]: error: NOTE: Trying backup state save file. Triggers may be lost!
    mei 11 14:19:24 mach5.hviaene.thuis slurmctld[171404]: No trigger state file (/var/spool/slurmctld/trigger_state.old) to recover
    mei 11 14:19:24 mach5.hviaene.thuis slurmctld[171404]: read_slurm_conf: backup_controller not specified
    mei 11 14:19:24 mach5.hviaene.thuis slurmctld[171404]: Reinitializing job accounting state
    mei 11 14:19:24 mach5.hviaene.thuis slurmctld[171404]: select/cons_tres: select_p_reconfigure: select/cons_tres: reconfigure
    mei 11 14:19:24 mach5.hviaene.thuis slurmctld[171404]: select/cons_tres: part_data_create_array: select/cons_tres: preparing for 1 partitions
    mei 11 14:19:24 mach5.hviaene.thuis slurmctld[171404]: Running as primary controller
    mei 11 14:19:24 mach5.hviaene.thuis slurmctld[171404]: No parameter for mcs plugin, default values set
    mei 11 14:19:24 mach5.hviaene.thuis slurmctld[171404]: mcs: MCSParameters = (null). ondemand set.
    # sinfo -N -l
    Wed May 11 14:19:34 2022
    NODELIST NODES PARTITION STATE CPUS S:C:T MEMORY TMP_DISK WEIGHT AVAIL_FE REASON
    localhost 1 debug* unknown 1 1:1:1 1 0 1 (null) none

That's not much, but at least it shows the central part of slurm running and responding.

OK for me, unless someone else has a better idea.

CC: (none) => herman.viaene

Validating. Advisory in Comment 2, but needs corrections described in Comment 3.

Keywords: (none) => validated_update

Advisory committed to svn as ...

    type: security
    subject: Updated slurm packages fix security vulnerability
    CVE:
     - CVE-2022-29500
     - CVE-2022-29501
    src:
      8:
       core:
         - slurm-20.11.9-1.mga8
    description: |
      Incorrect Access Control that leads to Information Disclosure.
      (CVE-2022-29500)
      Incorrect Access Control that leads to Escalation of Privileges and code
      execution. (CVE-2022-29501)
    references:
     - https://bugs.mageia.org/show_bug.cgi?id=30382
     - https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html

CC: (none) => davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0174.html

Resolution: (none) => FIXED